Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Steve-Wilme
Advocate II
‎07-08-2019 03:24 AM
‎07-08-2019 03:24 AM

First big fine by ICO

I suppose it had to happen; the first big fine under GDPR in the UK for a data breach; 1.5% of its worldwide revenue.   https://www.bbc.co.uk/news/business-48905907

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Reply
4 Replies
leroux
Community Champion
‎07-08-2019 08:48 AM
‎07-08-2019 08:48 AM

ICO Statement :Intention to fine British Airways £183.39m under GDPR for data breach

Reply
0 Kudos
Wakeling_S
Newcomer II
‎07-09-2019 04:59 AM
‎07-09-2019 04:59 AM

This case, although painful for BA, will and should be raised as a what if risk example at all senior executive boards in forthcoming weeks. I would be interested if anybody in this community has any references or good examples of non technical briefings as to the web site hack. 

Reply
0 Kudos
pcarner
Newcomer II
‎07-09-2019 06:36 AM
‎07-09-2019 06:36 AM

It sounds diluted to me. Wouldn't be 4% what applies in these cases?

Reply
0 Kudos
leroux
Community Champion
‎07-09-2019 09:43 AM
‎07-09-2019 09:43 AM

You are right. The ICO's intended fine isn't the maximum. For British Airways, the potential fine amounts to 1.5% of its annual turnover in 2017, under half of the maximum GDPR penalty of 4% of annual turnover. If the ICO had deemed it appropriate, it could have issued a fine of over £450m.

 

But this is four times the size of the previous largest fine – that €50m penalty was issued to Google by the French data protection authority for a lack of transparency in its advertising

Spoiler
 
Reply
0 Kudos