GDPR – A Sanction with Teeth – BA fined £183.4m

BA is now likely to receive a major fine under the GDPR with the ICO having announced its intention to impose a fine of £183.4m over the data breach the Company experienced in the summer of 2018.

The background to this was a malicious hack of the BA website, with hackers managing to gain access to the personal and payment card details of over 500,000 BA customers by compromising the Company website.

BA have the opportunity to make representations against the fine, so the fine is not yet confirmed. However, it is clear that there is likely to be a very significant sum that BA is ordered to pay.

Obviously, both the scale of the data loss and the global turnover of BA contributes to the significant fine but all organisations should be aware that if a significant amount of customer payment data is lost, they can expect to receive a significant fine from the ICO.

Organisations should ensure that their GDPR compliance processes and IT systems are robust to hacking!