GDPR violations — including inadvertent disclosure of personal data to unauthorized processors — can result in regulatory investigation, significant fines, and notification obligations. The fact that the disclosure was unintentional does not eliminate the obligation or the consequence.