British Airways is today facing a record fine of £183m for a data breach in June 2018, one month after the GDPR came into force.
8 July 2019
The fine represents 1.5% of its 2017 worldwide turnover, and whilst below the maximin possible 4% fines represents the largest single fine handed down by the Information Commissioner’s Office (ICO).
Patrick Wheeler, Partner and Head of Intellectual Property and Data Protection at Collyer Bristow said: “The first anniversary of the GDPR passed on 25 May and we are only now seeing the ICO beginning to issue fines on breaches they have been investigating for several months. If businesses were feeling complacent about their GDPR obligations, thinking that nothing was going to happen, this record fine should serve as a wake-up call.
“We were expecting the ICO to hand down some pretty hefty fines to coincide with the first GDPR anniversary and it has now started to do so. The ICO has shown that it takes its regulatory responsibilities protecting the interests of data subjects very seriously and also that it wants businesses to work hard to comply.
“The fine imposed on British Airways may be the first, but it will not be the last: several large commercial and public sector entities will all be in the ICO’s spotlight.”
Businesses faced with a data breach are reminded that they must:
Patrick Wheeler is available for interview. He can be reached by email: Patrick.email@example.com.