The names and email addresses of children who are disabled or have special educational needs have been sent out in a mass email following a council blunder.
Parents of children were left ‘livid and upset’ by the data breach, which occurred on Monday morning (November 23).
Hundreds reportedly received the message from Bristol City Council - which an invitation to take part in a consultation survey.
But the recipient list was not hidden on the mass email.
The council director responsible for children and families, Ann James, apologised to parents and asked everyone who received the email to delete it.
In a letter to parents, Ms James acknowledged there was a GDPR breach.
She said: "This means that personal information was shared this morning, which should not have been.
"We did not use 'blind carbon copy' when sending an email to you this morning, and as a result your child's name and your email address could be viewed by everyone who received the email.
"The breach was caused by human error and I apologise unreservedly for any distress that this may have caused you or your family.
The council has referred the data breach to the Information Commissioner's Office, and they willl 'comply fully with their protocol'.
Ms James added: "I sincerely apologise for this error and want to reassure you that we have taken steps to find out what happened and why to help prevent this happening again."
The Information Commissioner's Office (ICO) will also be investigating and making recommendations.
A spokesperson for Bristol City Council told Bristol Live parents had been contacted.
He said: "We are aware that a breach of the General Data Protection Regulation (GDPR) has occurred and we have been in contact with those affected and have apologised.
"This case has been referred to the Information Commissioner’s Office (ICO) in line with the accepted process for reporting data breaches and we will comply fully with their protocol.
“Following a personal data breach an investigation is carried out into the causes.
"Where staff have made a mistake the matter is addressed as a training issue, and where there have been failures in policy or process any necessary changes are made to reduce the risk of a similar incident occurring in the future. In addition to an internal investigation, the ICO will also provide recommendations which Bristol City Council will act upon,."
