Record GDPR fines for BA and Marriott serve as a MAJOR wake-up call to businesses

GDPR fines have reached record levels as the Information Commissioner’s Office (ICO) announced plans to impose the largest ever penalties under the General Data Protection Regulation on both British Airways (BA) and Marriott International in the space of just a week.

BA and parent company International Airlines Group (IAG) were fined a proposed £183.39 million – a record under GDPR. It relates to a cyber-attack last year which saw the personal data of over 500,000 customers compromised. Marriott are set to face a £99.2 million fine for a sustained breach which exposed the personal data of around 330 million guests globally.

While the maximum GDPR fine is 4% of the company’s global turnover, the fines for BA and Marriott only represent around 1.5% of their respective turnovers. The leniency of the commission could reflect both companies cooperating with their respective investigations.

Nonetheless, two record fines in short succession will make for worrying reading for the likes of Google and Facebook, with both currently facing investigations for GDPR violations. Following the Cambridge Analytica scandal – which fell under the remit of the former Data Protection Act, Mark Zuckerberg’s firm now faces a fresh GDPR investigation from Irish regulators following a data breach that affected almost 50 million Facebook accounts.

After receiving a fine of £44 million from French regulators, Google are also in the spotlight once again as the ICO investigates the company for leaking personal data from their advertising platform.

Alex Tremlett, Commercial Director at Insight Data comments:

“Without question, the proposed record fines for BA and Marriott, and the ongoing investigations at Google and Facebook clearly demonstrates the ICO and other data regulators are taking GDPR violations incredibly seriously.

“It’s undoubtedly a wake-up call for businesses large and small, especially those that do not have adequate safeguarding procedures in place to protect customer data. The case of Marriott is particularly important for the glazing industry, especially as we see growing consolidation in the market with a spate of high-profile mergers and acquisitions.

“Their case refers to a breach at Starwood Hotels and Resorts – a subsidiary of Marriott International. The breach began in 2014 – two years before Marriot had even bought the business, and was not spotted and reported until 2018. It’s therefore absolutely vital that business owners carry out proper due diligence before any acquisition takes place, and that proper structures are introduced to protect the personal data of customers, suppliers and employees which has also been acquired in the sale.

“For too long, businesses across the industry have believed they are too small to worry the ICO. With flying under the radar no longer an option, it’s never been so important to ensure your business complies with GDPR. At Insight Data, we work with businesses across the supply chain to provide a cost-effective and compliant solution which allows them to stay on the right side of GDPR, whilst still effectively marketing to prospective customers.”

With GDPR fines reaching unprecedented levels, ensuring your business stays compliant has never been more critical. Don’t let your company become the next cautionary tale in GDPR enforcement. Insight Data specialises in helping businesses navigate GDPR compliance requirements and avoid costly penalties.

Protect your business from GDPR fines today. For expert guidance on GDPR compliance, contact us on 01934 808293 or via email at hello@insightdata.co.uk. Discover our comprehensive GDPR resources to safeguard your data practices, get in touch for personalised consultation, or stay informed with the latest GDPR news and updates.