I work in school admin and our school is in the process of getting ready to open on the 1st June. Part of the process is to contact parents of the children in the specific year groups and ask them to complete a survey for us. The IT department have sent the survey out through our app and Facebook page. Both of these require the parents to have registered and a lot of our parents haven't. I was asked by the headteacher to email the parents we hold email addresses for. Our MIS system is capable of communicating via email but our trust has not set this up so I had to copy and paste each email address. I was doing this from home, on a tablet with a two year old running around (my husband had to hold him still whilst I sent the email) and I don't generally work fridays but knew the deadline for the responses was 5pm so I sent the email asking parents to complete the survey by clicking the attached link.
I didn't BCC it! I know I should have, it never even occurred to me at the time though! I reported the breach to the headteacher immediately and was told to wait to see if anyone complains.
I checked this morning and a parent had emailed me to say 'a huge well done for the GDPR breach'.
I feel sick. There was no personal information included in the email other than addresses. The parent in question doesn't have her name in the email address so it doesn't give away her identity, but others probably do use their names.
The parent has said she will be requesting a SAR.
How screwed am I?
Please or to access all these features
Please
or
to access all these features
Chat with other users about all things related to working life on our Work forum.
Work
GDPR breach- I cocked up!
31 replies
duckme · 16/05/2020 13:34
OP posts:
Newsletters you might like
Please create an account
To comment on this thread you need to create a Mumsnet account.