Contributor II

First big fine by ICO

I suppose it had to happen; the first big fine under GDPR in the UK for a data breach; 1.5% of its worldwide revenue. https://www.bbc.co.uk/news/business-48905907

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP M.Inst.ISP
4 Replies
Community Champion
Newcomer II

Re: First big fine by ICO

This case, although painful for BA, will and should be raised as a what-if risk example at all senior executive boards in forthcoming weeks. I would be interested if anybody in this community has any references or good examples of non-technical briefings as to the web site hack.

Newcomer II

Re: First big fine by ICO

It sounds diluted to me. Wouldn't 4% be what applies in these cases?

Community Champion

Re: First big fine by ICO

You are right. The ICO's intended fine isn't the maximum. For British Airways, the potential fine amounts to 1.5% of its annual turnover in 2017, under half of the maximum GDPR penalty of 4% of annual turnover. If the ICO had deemed it appropriate, it could have issued a fine of over £450m.

 

But this is four times the size of the previous largest fine – that €50m penalty was issued to Google by the French data protection authority for a lack of transparency in its advertising
