GDPR Breach Notification to EU Regulator

Write a GDPR breach notification letter to one of the EU regulators (for example the ICO in the UK) for (at least) one of the following scenarios:

  • 1024 PhotoBooks and cards sent to the wrong recipient
  • Customers’ usernames and passwords available to download from an S3 bucket (via exposed API key and secret)
  • HR system exposed sensitive employee data to internal employees
  • Non-opted-in customers received marketing communications
  • … Another scenario that you have personal/professional experience in….


  • You have creative license to expand the chosen scenarios
  • You can choose an EU Regulator from one of the four companies the Photobox Group operates (UK, France, Spain and Germany)
  • It would be very interesting to see the same scenario sent to multiple regulators, with the differences between them highlighted

About us

Photobox Group is Europe’s leading digital consumer service for personalised products and gifts and parent of the Photobox, Moonpig, Hofmann and posterXXL brands.

Creative Commons License

© 2018, Photobox Group Security. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

