To relax. To pay. British Airways faces the first post-GDPR fine.
The ICO announced on 8 July 2019 that it intends to fine British Airways £183.39m for infringing the General Data Protection Regulation (GDPR).
Previously, the highest penalty imposed by the ICO has been £500,000 to Facebook following the Cambridge Analytica data scandal – the maximum limit pre-GDPR. Following GDPR, the maximum penalty is 4% of global turnover or €20m, whichever is greater. The BA fine represents 1.5% of its global turnover in 2017.
In September 2018, British Airways reported to the ICO that since June 2018, customers had been diverted from its legitimate website to a fraudulent site and had their card payment details harvested as a result. The ICO investigated and subsequently found that lax security arrangements had contributed to the loss of BA customers’ personal data.
Information Commissioner Elizabeth Denham said: “…the law is clear – when you are entrusted with personal data, you must look after it.”
We strongly advise our clients:
The content of this webpage is for information only and is not intended to be construed as legal advice and should not be treated as a substitute for specific advice. PDT Solicitors LLP accepts no responsibility for the content of any third party website to which this webpage refers.