• What happened?

    On the 8 July 2019, the ICO announced its intention to fine British Airways £183.4 million in connection with a 2018 cybersecurity matter. The fine would amount to approximately 1.5% of the company’s 2017 annual revenue. It is the largest penalty announced to date for alleged GDPR violations.

    British Airways notified the ICO in September 2018 about the attack, which the ICO alleges began in June 2018 through British Airways’ website and mobile applications and compromised the protected data of nearly 500,000 customers. Specifically, the ICO’s investigation alleges that customer names, addresses, login credentials, payment card information and travel booking details were compromised.

    On the 9 July 2019, it was announced that the ICO intended to fine the Marriott group £99.3 million for GDPR violations related to a cybersecurity matter. The fine represents nearly 3% of Marriott’s annual global revenue reported in 2018.

    Preparing for a data breach

    This action by the ICO demonstrates that they are prepared to enforce the GDPR and levy significant fines. Businesses need to ensure they are prepared for and respond to privacy and cyber security threats. Key tips for businesses include:

    • Knowing what personal data your business is processing and where this data is stored.
    • Ensuring staff are comprehensively trained and able to identify data breaches and escalate them to appropriate individuals and teams responsible for data breach management.
    • Implementing a comprehensive data breach management plan supported by policies and procedures.
    • Regularly testing the systems and procedures in place to manage personal data breaches. This will assist with identifying and remedying any vulnerabilities.
    • Maintaining a log of incidents and breaches and lessons learned to identify and prevent recurring incidents and potential vulnerabilities.

    How can we help?

    At Brachers we can ensure that your business is prepared and able to respond in a data breach we can also provide advice on how to minimise the risk of a data breach.

    Please contact a member of our team for further information and advice.

    This content is correct at time of publication

    Can we help?

    Take a look at our Data Protection and GDPR page for useful information, resources, guidance, details of our team and how we may be able to help you

  • Key contact:

    Get in touch

    Please fill out the below form or alternatively you can call us on 01622 690691

      By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. Please view our privacy statement for more information