Turbulent times at British Airways with prospect of record £183 million GDPR fine

A fine of £183.39 million has been proposed against British Airways by the Information Commissioner’s Office (ICO) following a significant breach of the General Data Protection Regulation (GDPR). The penalty also targets its parent company, International Airlines Group (IAG).
The fine, which will eclipse the previous record of Google’s £44 million penalty, relates to a cyber-attack last year. The data breach saw website users directed to a fraudulent site, where customer details were harvested. In total, over 500,000 customers were affected, with login, payment card, and travel booking details as well as name and address information all compromised.
Explaining the proposed fine, Information Commissioner Elizabeth Denham said:
“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience.
“That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
While BA Chairman, Alex Cruz, says he is “surprised and disappointed” by the decision, Willie Walsh, Chief Executive of IAG, commented:
“British Airways will be making representations to the ICO in relation to the proposed fine. We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”
Whilst the fine is the equivalent of 1.5% of BA’s worldwide turnover in 2017, it could have been far worse: the maximum fine available to the ICO is 4% of annual global turnover.
Alex Tremlett, Commercial Director at Insight Data, comments:
“This record fine clearly shows the ICO will not stand by as businesses brazenly disregard GDPR compliance. As proven by Google, Facebook and countless other businesses both large and small, you simply cannot fly under the radar or avoid taking the necessary precautions to protect personal data.
“It’s a message the window industry needs to hear as many think they are too small to avoid the cross hairs of the ICO. In fact, it’s never been so important to ensure your business complies. At Insight Data, we work with businesses across the supply chain to provide a cost-effective and compliant solution which allows them to stay on the right side of GDPR, whilst still effectively marketing to prospective customers.”
For more information on GDPR compliance, contact Insight Data on 01934 808293 or via email at hello@insightdata.co.uk.










