How often have you accidentally sent an email to the wrong person?  It’s so easy to do. You’re busy, and it’s urgent. It must go out immediately!  You press the send button and instantly realise it’s gone to the wrong recipient, or multiple recipients.   999 times out of a 1,000 this isn’t going to be an issue.  You recall it, apologise to the recipient(s) and they delete it ~ no harm done!

What happens when that email contains sensitive data? Data that you are liable to protect under GDPR rules?   This can be classed as a data breach, and may be a reportable issue under GDPR legislation. It could mean that your organisation is fined, leading to all kinds of issues.

CASE ~ Gloucestershire Police were fined £80,000 by the Information Commissioner’s Office (ICO), relating to an email breach on sensitive data! An officer sent an update on a case to 56 recipients by email.  He used the TO field, rather than the BCC (blind copy) field.

ICO Head of Enforcement Steve Eckersley said:

“This was a serious breach of the data protection laws and one which was likely to cause substantial distress to vulnerable victims of abuse, many of whom were also legally entitled to lifelong anonymity.  The risks relating to the sending of bulk emails are long established and well known, so there was no excuse for the force to break the law – especially when such sensitive and confidential information was involved.”

It’s easily done and mistakes happen, unfortunately this isn’t an excuse under GDPR rules!


  • USE ~ Email encryption or password protection for files where personal or sensitive data is being sent. Alternatively, look at sharing it by secure file sharing rather than email.
  • TRAINING ~ Staff awareness training is imperative.  Staff not only need to be aware of possible hacking/phishing, but also how important it is to be vigilant and precise at all times when handling personal data.

CT Business Solutions are IASME certified, and we can help with all areas of security including secure file sharing, email encryption and staff awareness training.

Don’t wait until this becomes a problem. Get in touch TODAY and allow us to put processes in place to ensure that you are doing everything possible to protect your business and the data you hold.

ERIC ARNOTT  ~ Director

T. 0161 798 4336