Our offices will close at 1pm on Tuesday, 24th December 2019 and will re-open at 9am on Thursday, 2nd January 2020
May we take this opportunity to wish you a Merry Christmas and a Happy New Year
Please note: We will close at 4pm on Friday, 13th December 2019

swayne johnson logo

British Airways Receives Largest Ever Fine For Infringement of GDPR


british airways

Posted on 01 Jul 2019

The Information Commissioner’s Office (ICO) has issued a statement of its intention to fine British Airways (BA) a record £183.39m for infringing the General Data Protection Regulation (GDPR) in June 2018. 

This is the first intention of a fine to be issued by the ICO under the GDPR, and the proposed fine would be the largest fine ever imposed by the ICO. 

The fine relates to a cyber-security incident that took place via the BA website. Users of the BA website were diverted to a fraudulent site as a result of a hacking attack. Around 500,000 customers had their details compromised – including log in information, payment information and travel booking details. BA notified the ICO of the incident in September 2018. The ICO has since investigated the matter and found that the personal data breach occurred as a result of BA’s poor security arrangements. The ICO has now proposed a fine of £183.39m, representing 1.5% of BA’s worldwide turnover in 2017 (against the possible maximum fine of 4% of turnover). The ICO will be considering the representations made by BA and the other concerned data protection authorities before it takes its final position.

This incident serves as a reminder to all organisations of the importance of take the necessary steps to protect personal data against loss, damage or theft

Although organisations cannot always defend themselves against malicious hacking attacks, it is important to be able to demonstrate that appropriate steps have been taken to protect personal data and that data breaches are handled appropriately, to mitigate the amount of the potential penalty following any ICO investigation. 

If you would like to discuss further or enquire about advice on how to prevent, protect against, and mitigate personal data breaches, please call one of Swayne Johnson Solicitors’ specialist Data Protection Team:

 

Claire Sumner 

sumnerc@swaynejohnson.com

01745 818297, 07715 521804 or 01829 707884   

 

Juana Eastwood 

juanae@swaynejohnson.com   

01745 586833

 


Further News - »