Another GDPR data breach hits the headlines

No sooner have we published a blog about British Airways’ GDPR fine, the largest on record, than we find another story in the news.

It seems that the hotel chain Marriott International is next in line for one of the largest GDPR fines since the new GDPR laws were introduced last year. According to a recent story, the fine relates to an incident that is thought to date back to 2014, but was only discovered in late 2018. During that time, around 339 million guests have had their personal details exposed in a data breach that could lead to one of the ICO’s biggest fines to date.

The data breach included 30 million guest records that were held in a reservation system and occurred within a rival hotel group that was acquired by Marriott three years ago.

Whilst the system has since been phased out and eradicated completely from the hotel chain, the Information Commissioner’s Office (ICO) states that the fine still stands, as the rules relating to GDPR, and the personal details held by a company, are very clear. They also state that organisations should be accountable for the data they hold by carrying out proper due diligence. In the case of Marriott, that means at the point of acquisition, but it also applies to any organisation looking to access or store any personal data they hold for their customers.

It seems that the ICO is starting to make examples of organisations that do not toe the line, and the size of the BA and Marriott penalties (£183m and £99m respectively) shows that the fines for those who do not comply are eye-wateringly high.

The General Data Protection Regulation, best known as GDPR, was brought into force in 2018 and aimed to give the public more transparency as to how their data is being stored, used and accessed. It seems that one year on, the ICO is not taking any nonsense and the fines will stand for both of these organisations.

If you would like some further information or guidance surrounding the new GDPR legislation, contact Downs Solicitors to see how we can help.
