Recent data breaches – Make sure your business is prepared

This week the Information Commissioner’s Office (ICO) has announced substantial proposed fines against airline British Airways and hotel group Marriott International, Inc for alleged violations of the EU’s General Data Protection Regulation (GDPR). 

What happened?

On 8 July 2019, the ICO announced its intention to fine British Airways £183.4 million in connection with a 2018 cybersecurity matter. The fine would amount to approximately 1.5% of the company’s 2017 annual revenue. It is the largest penalty announced to date for alleged GDPR violations.

British Airways notified the ICO in September 2018 about the attack, which the ICO alleges began in June 2018 through British Airways’ website and mobile applications and compromised the protected data of nearly 500,000 customers. Specifically, the ICO’s investigation alleges that customer names, addresses, login credentials, payment card information and travel booking details were compromised.

On 9 July 2019, it was announced that the ICO intended to fine the Marriott group £99.3 million for GDPR violations related to a cybersecurity matter. The fine represents nearly 3% of Marriott’s annual global revenue reported in 2018.

Preparing for a data breach

This action by the ICO demonstrates that it is prepared to enforce the GDPR and levy significant fines. Businesses need to ensure they are prepared for, and able to respond to, privacy and cyber security threats. Key tips for businesses include:

  • Knowing what personal data your business is processing and where this data is stored. 
  • Ensuring staff are comprehensively trained and able to identify data breaches and escalate them to appropriate individuals and teams responsible for data breach management. 
  • Implementing a comprehensive data breach management plan supported by policies and procedures.
  • Regularly testing the systems and procedures in place to manage personal data breaches. This will assist with identifying and remedying any vulnerabilities.
  • Maintaining a log of incidents and breaches and lessons learned to identify and prevent recurring incidents and potential vulnerabilities.

How can we help? 

At Brachers we can ensure that your business is prepared and able to respond in the event of a data breach. We can also provide advice on how to minimise the risk of a data breach.

Please contact a member of our team for further information and advice.