• Subscribe   
  • Subscribe   

GDPR shows its teeth with record fine for British Airways

The UK’s Information Commissioner (ICO) announced that it intends to impose a fine of £183.39 million on British Airways, based on a 2018 data breach that it says infringed Article 32 of GDPR. The fine is the highest ever leveled at a company in the UK for a breach of data privacy. 

The ICO’s investigation found that customer information was compromised by sub-standard security, which allowed a malware programme to steal data entered on BA’s online booking site. Personal details, such as names, addresses, flight bookings, credit card numbers and site logins for around 500,000 customers were breached.

The fine is not final, as other member states have not weighed in yet. BA has indicated that it intends to lodge an appeal. 

Read more.

Our expert’s opinion:

Nine months since enforcement of the GDPR, fines imposed by EU data protection regulators for GDPR breaches, amounted to €56m. A large part of that – €50m – related to a single fine, imposed by the French regulators on Google in January 2019. 

The ICO’s ruling raises the bar and shows that UK regulators are taking data privacy every bit as seriously as their EU counterparts.  

The size of the BA penalty – which represents 1.5% of BA’s total annual revenues – drives home the fact that data breaches pose more than reputational risk to organizations. It also says that organizations must rather focus on the prevention of such incidents, as in this case, the claim by BA that it reacted quickly, doesn’t seem to have reduced the penalty. 

James Hall

James Hall

Commercial Director, UK

Looking for a digital partner that prioritizes the security of customer data?

By submitting your details via this form, you are consenting that we receive and store your information for the exclusive purpose of contacting you.
  • We will not share or publish your information or process it for any other reason.
  • Once your request is fulfilled, we will either delete your information or request your consent for further processing.
  • Please find additional information in our Privacy policy.
View our Terms of use | Protected by reCAPTCHA.