Contributed by: Liz Blythe, Zoe Sims and Angus Hancock
Published on: July 09, 2019
The UK Information Commissioner's Office (ICO) has announced overnight its intention to fine British Airways a record £183.39 million (NZ$346.38 million) after a 2018 cyber breach compromised the personal information of approximately 500,000 British Airways customers.
This is the first publicly announced penalty by the ICO under the EU's General Data Protection Regulation (GDPR), which came into force in May last year. It is approximately 367 times higher than the previous record fine of £500,000 imposed on Facebook in connection with the Cambridge Analytica furore.
The fine demonstrates the seriousness with which EU regulators intend to treat breaches of the GDPR. UK Information Commissioner, Elizabeth Denham, has stated: "People's personal data is just that — personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That's why the law is clear — when you are entrusted with personal data you must look after it."
British Airways CEO, Alex Cruz has said that the company is "surprised and disappointed" by the ICO's finding. British Airways has 28 days to appeal the fine.
You can review the ICO's statement here.
Partner, Technology and Digital
Special Counsel, Litigation
Data Protection and Privacy
Technology and Digital