Accidentally put 200 customer addresses in CC instead of BCC
Addresses in CC are visible to every recipient. With personal data or customer lists, that's a data breach.
Try this first
- 1Stop sending follow-ups to the same list
- 2Assess the impact: personal data, scope, risk
- 3Report to your Data Protection Officer if you have one
- 4If a risk to data subjects is likely: report to the Dutch DPA within 72 hours (Art. 33 GDPR)
When to bring us in
For large lists: always use an ESP with list management, never manual BCC.
See also
- Our emails land in spam for some recipientsAlmost always an SPF, DKIM, or DMARC setting that is wrong or missing, or a sender name that mimics a well-known brand.
- Someone reports receiving phishing emails "from us"Read: spoofing. Someone is abusing your sender name, not necessarily your actual mailbox.
- An email bounces (NDR): delivery failedThe NDR text usually states the exact reason. Reading it is step one.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.