To relax. To pay. British Airways faces the first post-GDPR fine.
The ICO announced on 8 July 2019 that it intends to fine British Airways £183.39m for infringing the General Data Protection Regulation (GDPR).
Previously, the highest penalty imposed by the ICO had been £500,000, issued to Facebook following the Cambridge Analytica data scandal – the maximum limit pre-GDPR. Under GDPR, the maximum penalty is 4% of global turnover or €20m, whichever is greater. The BA fine represents 1.5% of its global turnover in 2017.
In September 2018, British Airways reported to the ICO that since June 2018, customers had been diverted from its legitimate website to a fraudulent site and had their card payment details harvested as a result. The ICO investigated and subsequently found that lax security arrangements had contributed to the loss of BA customers’ personal data.
Information Commissioner Elizabeth Denham said: “…the law is clear – when you are entrusted with personal data, you must look after it.”
We strongly advise our clients:
Contact our data protection specialists, Ian Lindley and Victoria Jessup, to see how we can help.
The content of this webpage is for information only and is not intended to be construed as legal advice and should not be treated as a substitute for specific advice. PDT Solicitors LLP accepts no responsibility for the content of any third party website to which this webpage refers.