Another GDPR data breach hits the headlines
No sooner have we published a blog about British Airways’ GDPR fine, the largest on record, than we find another story in the news.
It seems that the hotel chain Marriott International is next in line for one of the largest GDPR fines since the new GDPR laws were introduced last year. According to a recent story, the fine relates to an incident that is thought to date back to 2014, but was only discovered in late 2018. During that time, around 339 million guests had their personal details exposed in a data breach that could result in one of the ICO’s biggest fines to date.
The data breach included 30 million guest records that were held in a reservation system and occurred within a rival hotel group that was acquired by Marriott three years ago.
Whilst the system has since been phased out and eradicated completely from the hotel chain, the Information Commissioner’s Office (ICO) states that the fine still stands, as the rules relating to GDPR, and the personal details held by a company, are very clear. They also state that organisations should be accountable for the data they hold by carrying out proper due diligence. In the case of Marriott, that means at the point of acquisition, but it also applies to any organisation looking to access or store any personal data they hold for their customers.
It seems that the ICO is starting to make examples of organisations that do not toe the line, and the size of the BA and Marriott penalties (£183m and £99m respectively) shows that the fines for those who do not comply are eye-wateringly high.
The General Data Protection Regulation, best known as GDPR, was brought into force in 2018 and aimed to give the public more transparency as to how their data is being stored, used and accessed. It seems that one year on, the ICO is not taking any nonsense and the fines will stand for both of these organisations.
If you would like some further information or guidance surrounding the new GDPR legislation, contact Downs Solicitors to see how we can help.