GDPR update: New regulation takes off with British Airways fine
Just as you thought that the General Data Protection Regulation was a figment of your imagination, the Information Commissioner’s Office (ICO) has shown that it means business by announcing its intention to hand down its first fine under the GDPR to British Airways – for an eye-watering £184 million.
The announcement on 8 July 2019 came in the wake of the ICO’s investigation, which found that approximately 500,000 British Airways customers’ personal data was compromised by poor security arrangements.
Just two days later, the ICO flexed its muscle again by stating its intention to hand a fine of almost £100 million to Marriott International, the parent company of hotel chains including W, Westin and Le Méridien, which admitted that guests’ personal data records, including credit card details and passport numbers, had been stolen.
Under the data protection rules that pre-dated the GDPR, the ICO issued the maximum fine of £500,000, handing it to Facebook over the Cambridge Analytica scandal back in October 2018.
This is a timely reminder that the GDPR is very real, and that companies of all sizes are bound by precisely the same rules and need to handle personal data with the utmost sensitivity. If you’re unsure about your firm’s compliance, why not check that your house is in order by reading our blog piece?