BA and GDPR

Happy belated birthday, just a year since GDPR came into force, the ICO has issued its biggest fine to British Airways (BA) for a data breach relating to 500,000 customers.

Customer details including login, payment card, name, address and travel booking information were found to have been harvested after being diverted to a fraudulent website, with the ICO saying that the data breach in June 2018, occurred because BA had “poor security arrangements”.

The fine, for BA, has been issued with a fine amounting to £183m, or 1.5 per cent of its worldwide turnover in 2017, beats the trifling £500,000 that Facebook faced over date use by Cambridge Analytica.

Dianne Yarrow, partner and commercial solicitor at Gardner Leader solicitors commented: “This first large fine would always be hotly contested and in the next 28 days, we should learn more details of the basis on which BA will appeal the ICO’s decision, together with the ICO’s response to the appeal. The ICO will have to take into account; any action was taken by BA to mitigate the damage suffered by data subjects, the degree of co-operation with the supervising authority and any other mitigating factors.”

    Share Story:

Recent Stories