BA Faces "Largest" GDPR Breach Fine

British Airways (BA) looks set to face the largest GDPR penalty issued by the Information Commissioner’s Office (ICO): £183m for last year’s data breach, which put 500,000 customers’ details at risk.

In 2018, the airline’s website was diverted to a fraudulent site, where hackers were then able to harvest customers’ details. The ICO ruled that BA had been negligent in protecting customers’ personal data, as the law surrounding GDPR, and the protection of such data, was quite clear.

Originally, BA reported that the incident had jeopardised approximately 380,000 transactions. However, the stolen data did not include travel or passport details – so the ICO believes the false site actually harvested the details of around 500,000 customers. These details included names, emails and credit card details such as expiry dates and CVV codes.

The new GDPR rules came into force last year. Until now, the biggest penalty was the £500,000 imposed on Facebook for its part in the Cambridge Analytica data scandal. However, with the maximum penalty having been increased under the GDPR, and since the ICO considered the breach so significant, it applied the percentage-of-turnover calculation in determining the penalty due, i.e. 1.5% of BA’s turnover in 2017.

Whilst that is a staggeringly high amount, the ICO can actually fine organisations up to 4% of turnover. It just goes to show that they mean business, and that there are severe consequences for those who do not abide by the law.

If you would like some further guidance surrounding GDPR compliance at your organisation, or you have been accused of a data breach and you would like some legal advice, contact Downs Solicitors to see how we can help.
