Ouch! GDPR shows its teeth and takes a chunk out of British Airways
We’re not the only ones to have warned that fines under GDPR can be steep, but if you want an idea of the potential impact, take note of the £183 million penalty imposed on British Airways which hit the headlines today.
BA responded quickly to the security breach that led to the data of around half a million customers being compromised. They have apologised, boosted their security and claim to have found no evidence of fraud linked to the theft. They may well appeal the Information Commissioner’s Office (ICO) decision, but they aren’t denying that their security wasn’t good enough in the first place. That is likely to have influenced the ICO when it decided on the scale of the penalty.
It’s worth noting that fines can be up to 4% of your previous year’s annual turnover. There aren’t many organisations which could face such a sum and not feel the impact.
Some might argue that the ICO is using the publicity surrounding the BA cyber-security issue and a headline-grabbing fine to raise awareness, but the truth is that these cyber-attacks are happening. The hackers and fraudsters are getting ever more sophisticated, and the consequences of a breach can be horrendous. If the ICO is grabbing headlines, it’s also reinforcing the message that there is no room for complacency. The GDPR launch date was the start of an era of new governance for data loss and theft.
Our message is that you cannot afford to sit back and do nothing. Your potential fine may not reach the sky-high figure of BA’s penalty, but it will still hurt. You’ll feel the teeth of GDPR if you haven’t taken steps to protect your business and any personal data you hold.
There is no way to guarantee total immunity, but you must do what you can. Make a start by verifying how safe your business is against attack.
Give us a call and we’ll help.