-
InsightsInsight - Data Protection and GDPR - POSTED: July 12 2019
Recent data breaches – Make sure your business is prepared
This week the Information Commissioner’s Office (ICO) has announced substantial proposed fines against airline British Airways and hotel group Marriott International, Inc for alleged violations of the EU’s General Data Protection Regulation (GDPR).
- Share this article
- Print this article
-
What happened?
On the 8 July 2019, the ICO announced its intention to fine British Airways £183.4 million in connection with a 2018 cybersecurity matter. The fine would amount to approximately 1.5% of the company’s 2017 annual revenue. It is the largest penalty announced to date for alleged GDPR violations.
British Airways notified the ICO in September 2018 about the attack, which the ICO alleges began in June 2018 through British Airways’ website and mobile applications and compromised the protected data of nearly 500,000 customers. Specifically, the ICO’s investigation alleges that customer names, addresses, login credentials, payment card information and travel booking details were compromised.
On the 9 July 2019, it was announced that the ICO intended to fine the Marriott group £99.3 million for GDPR violations related to a cybersecurity matter. The fine represents nearly 3% of Marriott’s annual global revenue reported in 2018.
Preparing for a data breach
This action by the ICO demonstrates that they are prepared to enforce the GDPR and levy significant fines. Businesses need to ensure they are prepared for and respond to privacy and cyber security threats. Key tips for businesses include:
- Knowing what personal data your business is processing and where this data is stored.
- Ensuring staff are comprehensively trained and able to identify data breaches and escalate them to appropriate individuals and teams responsible for data breach management.
- Implementing a comprehensive data breach management plan supported by policies and procedures.
- Regularly testing the systems and procedures in place to manage personal data breaches. This will assist with identifying and remedying any vulnerabilities.
- Maintaining a log of incidents and breaches and lessons learned to identify and prevent recurring incidents and potential vulnerabilities.
How can we help?
At Brachers we can ensure that your business is prepared and able to respond in a data breach we can also provide advice on how to minimise the risk of a data breach.
Please contact a member of our team for further information and advice.
This content is correct at time of publication
Can we help?
Take a look at our Data Protection and GDPR page for useful information, resources, guidance, details of our team and how we may be able to help you
-
Get in touch
Please fill out the below form or alternatively you can call us on 01622 690691