No doubt getting itself ready for the 72 hour breach reporting requirements of GDPR, on Wednesday 11 October the UK government agency, the Homes and Communities agency, reported that it has notified the Information Commissioner's Office of a limited breach of its information security policy on Monday 9 October.
An email sent in three batches to a total of 508 housing associations made visible other recipients' email addresses. In a statement on the gov.uk website, the Agency said: “While the information disclosed was not sensitive, we are taking this breach very seriously and apologise unreservedly.
It continued: “This incident should not have happened and we are committed to acting transparently with all relevant parties. We have apologised to all of the providers affected by the breach and we are taking urgent steps to ensure this never happens again.”
When you consider how many such emails we all receive, the sheer scale of reporting about to overwhelm the EU's GDPR offices suggests it will need to apply quite a few fines just to pay for people to read all the notifications it is likely to receive.