[raxxorrax]

Auto-completing e-mail adresses is a GDPR violation? Because you could iterate them and see all the contacts? Seriously?

[richthegeek]

Any exposure, intentional or accidental, of PII to a non-authorised person is a GDPR violation. An email address is PII as it's unique to that person.

Consider the Ashley Madison breach - there were websites that let you search for an email address and see if it was included. Even without the name or address of the person it was sufficient PII to cause damages (however 'deserved').

[raxxorrax]

On public websites I would agree, but all our mail clients have auto-completion. So would we need to turn that off? Would probably disable half the company.

I don't know who Ashley Madison is but that sounds far beyond sensible protection. Given, auto-completion is restricted to employees plus some locally saved contacts. It is just the standard outlook-exchange setup.

[unionpivo]

You can set up what (groups) autocomplete as a admin on both outlook and g suite (probably other providers).

Otherwise it's only people you have been in contact with.

[moksly]

No, but sending all that personal information to the wrong person is, and it’s the most common GDPR violation in my country.