8 July 2019

British Airways planeMore than a year has passed since the General Data Protection Regulation (GDPR) came into force across the EU.

In May The Register reported that European data protection agencies had handed out fines totalling €56m in the year since the ‘GDPR deadline’, much of which came from France’s CNIL’s €50m (approx. £44.8m) fine for Google. Even Google’s seemingly huge fine pales into insignificance compared to the penalty handed out to British Airways (BA) which was announced this morning.

BA is facing a record fine of £183m from the Information Commissioner’s Office (ICO). This follows the huge personal data breach of half a million customers. Stolen details included names, billing addresses, travel booking information, login information and card details including the CVV.

Whilst the amount of data is alarming, BA claims it has had no reports of any harm coming to customers. The ICO, however, noted “poor security arrangements”, issuing the subsequent fine.

Consequences for British Airways

The fine reflects 1.5% of BA’s global turnover for 2017, which hit around £12bn. The maximum penalty is 4%. That would have meant a fine of around £480m had the ICO decided to really make an example of the airline.

These are huge numbers that really do reflect the importance of protecting personal data in the modern age. We live our lives online. Huge amounts of our identity are stored by businesses and organisations who need to take that responsibility seriously. I am by no means saying that it is easy. Generally, the bigger the business, the more data it has to manage. The older the business, the more legacy tech it has to update. And that’s all whilst keeping an eye on evolving cyber-threats and techniques to ensure that you’re ahead of the game, as much as you could possibly be. It is certainly not easy, but it is the reality of operating in a digital business.

If you are concerned about GDPR and where you stand with your business, the team at UKFast put a guide to GDPR together ahead of the deadline last year that’s available from the website.


Back to Blog