The Information Commissioner’s Office (ICO) has fined British Airways £20 million for an “unacceptable” data breach that affected more than 400,000 customers in 2018. To date, this is the largest fine issued by the ICO for a GDPR and/or Data Protection Act 2018 breach.
The ICO investigation found that British Airways failed to effectively protect client data. The breach occurred when hackers infiltrated BA’s systems and stole customer login, payment card and travel booking details, as well as name and address information. The breach went unnoticed for two months.
Information Commissioner Elizabeth Denham told the BBC:
“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security.”
This latest fine shows that the ICO, in line with other EU privacy watchdogs, is prepared to issue significant penalties under the GDPR and Data Protection Act 2018. Therefore, although preparations for Coronavirus and Brexit may be consuming your attention and resources, it is imperative that you ensure your organisation’s data protection compliance remains robust.
If you require any advice on Data Protection or GDPR matters, please get in touch with Ann-Maree Blake.
Please note – this article does not constitute legal advice.