David Woods

+44 (0)1733 887793 dvwoods@greenwoodsgrm.co.uk

Flying high – the first penalty under the GDPR

Corporate and Commercial / 08 July 2019

The Information Commissioner’s Office has announced the first penalty that it intends to impose under the GDPR – and it is a massive 367 times greater than any penalty previously imposed.

In the summer of 2018 the personal data of some 500,000 customers was harvested by a fraudulent website to which hackers diverted them from the British Airways website. The data included names, email addresses and credit card details.

The ICO criticised the security measures deployed by British Airways and stressed the importance of organisations taking appropriate steps to protect privacy rights.  It announced that it intends to fine British Airways £183 million, which equates to 1.5% of BA’s 2017 worldwide turnover.

Before the GDPR came into force in May 2018 the maximum fine for breach of the UK’s data protection laws was £500,000; the GDPR increased that maximum to four times annual turnover.  The size of the penalty in this case demonstrates the impact of the changes.

This is a huge fine and a massive step-up in the enforcement of data protection laws. It is a clear reminder, if one were needed, that organisations must treat the personal data of their customers with great care.
