Menu
  • Home
  • About us
  • People // Updates
  • Specialisms
Search

VIEW ALL

Generic filters
Exact matches only
Filter by Custom Post Type

LATEST UPDATES

Longer Reads

How are your cryptoassets taxed?

Longer Reads

How to make use of entrepreneurs’ relief

Longer Reads

How do the family courts approach international child cases?

Longer Reads

How are your cryptoassets taxed?

Longer Reads

How to make use of entrepreneurs’ relief

Services

< back to People // Updates
< back to Specialisms
< back to Specialisms
< back to Specialisms
< back to Specialisms

Shorter Reads

British Airways facing record GDPR fine

8 July 2019

SHARE

Authors

Patrick Wheeler

Partner - Head of IP & Data Protection

Talk to Patrick about Data protection & Intellectual property & Intellectual property disputes

The fine represents 1.5% of its 2017 worldwide turnover, and whilst below the maximin possible 4% fines represents the largest single fine handed down by the Information Commissioner’s Office (ICO).

Patrick Wheeler, Partner and Head of Intellectual Property and Data Protection at Collyer Bristow said: “The first anniversary of the GDPR passed on 25 May and we are only now seeing the ICO beginning to issue fines on breaches they have been investigating for several months.  If businesses were feeling complacent about their GDPR obligations, thinking that nothing was going to happen, this record fine should serve as a wake-up call.

“We were expecting the ICO to hand down some pretty hefty fines to coincide with the first GDPR anniversary and it has now started to do so.  The ICO has shown that it takes its regulatory responsibilities protecting the interests of data subjects very seriously and also that it wants businesses to work hard to comply.

“The fine imposed on British Airways may be the first, but it will not be the last: several large commercial and public sector entities will all be in the ICO’s spotlight.”

Businesses faced with a data breach are reminded that they must:

  • Investigate to establish whether a breach has occurred and its likely impact.
  • Breaches affecting the rights and freedoms of individuals need to be addressed immediately.
  • If such a breach is confirmed it must be reported to the ICO within 72 hours.
  • Your data protection team must then take all necessary steps to stop it continuing and:
    • Establish how the breach occurred
    • Investigate the extent of the information breached
    • Determine the consequences of breach
    • Outline measures to prevent further breaches
  • Determine then whether specialist legal and crisis management advice is needed
  • Review your current data and cyber security arrangements.
  • If appropriate, disclose the data breach to those affected and wider stakeholder. Full disclosure and reassurance about the corrective steps being taken is often the best policy.
  • Do not forget to notify ICO within 72 hours.

Patrick Wheeler is available for interview.  He can be reached by email: Patrick.wheeler@collyerbristow.com.

SHARE

Related content

GDPR

Our Data protection team supports clients across a range of different industries in ensuring compliance.

READ MORE

About Us

We are Collyer Bristow - The law firm for those that value individuality, creativity and collaboration.

Find out more

THE COLLYER BRISTOW TEAM

We celebrate the unique and distinctive qualities of our people, who work together to provide our clients an exceptional service and experience.

VIEW EVERYONE

Latest news:

Collyer Bristow recognised as one of the top law firms in the UK

You are contacting

Patrick Wheeler

Partner - Head of IP & Data Protection

patrick.wheeler@collyerbristow.com



About us

People // Insights

Specialisms

NEWSLETTERS & EVENTS

NEWSLETTERS & EVENTS
Subscribe now

© 2020 Collyer Bristow LLP

© 2020 Collyer Bristow LLP