General Data Protection Regulation, or GDPR as it’s more commonly referred to is something that all organisations need to think about when it comes to handling data, and especially so if they operate in the EU.
To date failure to properly comply with GDPR has claimed some notable scalps such as Facebook over the Cambridge Analytica scandal, but at the time the maximum fine that could be imposed was £500 000.
Now British Airways could face similar consequences for a data breach last year involving hackers getting access to the credit card information of roughly 500 000 customers. The fine could also amount to £183 million, which would be a new record for any such GDPR fine.
As such it’s a case of wrong place, wrong time for the airline company, especially when the figures between their own proposed fine dwarfs that of Facebook’s thanks to newly imposed laws under GDPR.
Said law now states that a firm can be fined as much as 4 percent of its worldwide turnover, with this proposed British Airways fine amounting to 1.5 percent, so the situation could have been far worse for the operator.
At the time of writing British Airways has 28 days to appeal the ruling, but recent comments by the UK’s information commissioner, Elizabeth Denham, don’t bode well for the company.
“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights,” she explained in a statement.
In response to Denham’s comments, British Airways chairman and CEO, Alex Cruz, said the fine was “surprising and disappointing,” adding that the firm has looked into the matter and found no evidence that stolen credit card data led to any fraudulent activity.
With time remaining for British Airways to appeal the matter, we should have a better idea if a new fine record will be issued in early-August.[Image – CC 0 Pixabay]