British Airways has been hit with a record £183m fine under GDPR for last year's serious data breach involving customer data and credit card details. The European General Data Protection Regulation (GDPR) came into force on May 25th last year, imposing tougher new cyber-security requirements on firms that collect or process the personal information of customers. Any UK firm suffering a breach involving personal information must report it immediately to the Information Commissioner's Office on discovery, and they will conduct an investigation.
The fines for GDPR violations were headline news last year, with scary fines of up to €10-20m or 2-4% of annual global turnover (whichever is higher) for serious breaches that are ruled to be the company's fault. Until today, the biggest fine levied by the ICO for a data breach under the UK's old data protection law was the £500,000 it fined Facebook and Equifax in 2018, the maximum fine permitted under the 1998 Data Protection Act.
Today the ICO issued its biggest fine yet under GDPR legislation when it hit British Airways with a record £183m fine. While this is hundreds of times larger than the fine it levied against Facebook, it represents only about 1.4% of the company's annual turnover as reported for 2018. This comes in well under the 2-4% fine limit that the ICO can impose on firms by law.
The ICO took this stance after considering all of the factors in the case. While British Airways initially reported that the breach took place from 21 August 2018 to 5 September 2018, the ICO now reports that the incident is believed to have started as early as June. British Airways also originally claimed that the breach didn't involve travel or passport details, but the ICO now reports that travel booking details were compromised.
The compromised information reportedly includes names, addresses, email addresses, travel booking details, and full credit card information of customers. The ICO ruled that the breach was the result of poor security arrangements at British Airways, and that the company had complied with its investigation and made improvements to its security arrangements since the event.
Source: BBC News
About the author
Brendan is a Sync NI writer with a special interest in the gaming sector, programming, emerging technology, and physics. To connect with Brendan, feel free to send him an email or follow him on Twitter.