GDPR record fine

British Airways has just been fined a record £183 million for breaching the European General Data Protection Regulation (GDPR). Between 21st August and 5th September 2018, over 500,000 payment cards were compromised after a theft of data from BA (the figure was initially thought to be 380,000, but 185,000 additional customers were later identified as being affected). The share price fell nearly 3% within hours of the theft being reported. The UK Information Commissioner stated that a range of information had been compromised by poor security, including login and card payment details, bookings and addresses.

Experts believe that as customers typed in their credit card details to purchase tickets, a piece of malicious code on the BA website was secretly extracting these details and sending them to someone else. This is an increasing problem for websites that embed code from third-party suppliers; it is known as a supply chain attack. Third parties may supply code to run payment authorisation, present ads or allow users to log into external services, for example.

Under the new European General Data Protection Regulation (GDPR), organizations have 72 hours to gather all related information and report any data breaches to the relevant regulator. The maximum fine under the new legislation, which came into force in May 2018, is 4% of total global turnover.

Other recent news relating to GDPR includes:

  • Google has been fined 50 million euros in France for a lack of transparency and consent over the way the company processed user data in order to personalise advertisements.
  • The UK Information Commission has announced that it intends to fine Marriott International £99 million for breaching European data protection law after the company was hacked in November 2018. Other European data protection authorities have an opportunity to comment on this recommendation before a final decision is taken. It is estimated that the private data of half a billion customers was stolen in one of the largest hacks in corporate history. The UK Information Commission stated that Marriott should “have done more to secure its system.”
