Steve-Wilme
Advocate II

First big fine by ICO

I suppose it had to happen; the first big fine under GDPR in the UK for a data breach; 1.5% of its worldwide revenue.   https://www.bbc.co.uk/news/business-48905907

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
4 Replies
leroux
Community Champion
Wakeling_S
Newcomer II

This case, although painful for BA, will and should be raised as a what-if risk example at all senior executive boards in forthcoming weeks. I would be interested if anybody in this community has any references or good examples of non-technical briefings as to the web site hack.

pcarner
Newcomer II

It sounds diluted to me. Wouldn't 4% be what applies in these cases?

leroux
Community Champion

You are right. The ICO's intended fine isn't the maximum. For British Airways, the potential fine amounts to 1.5% of its annual turnover in 2017, under half of the maximum GDPR penalty of 4% of annual turnover. If the ICO had deemed it appropriate, it could have issued a fine of over £450m.

 

But this is four times the size of the previous largest fine – that €50m penalty was issued to Google by the French data protection authority for a lack of transparency in its advertising
