News Roundup: Precedent set and BA and Marriot face GDPRs wrath

News Roundup: Precedent set and BA and Marriot face GDPRs wrath

GDPR fines to British Airways and Marriot hotels

From when GDPR was first implemented right up until this week, we have pondered whether larger fines against organisations have been around the corner. While Google copped a considerably large €50 million fine for violating GDPR in January, this has made up the bulk of issued penalties and we really haven't seen much in the way of massive crackdowns since the law was introduced. Unfortunately for British Airways (BA) and Marriot though, this changed this week, as the two organisations chalked up a total of almost £300 million in fines between them.

The first cab off the rank was British Airways (the UK's national airline), which received a proposed fine of £183 million, or 1.5% of the company's 2017 annual turnover, which is the largest fine ever imposed for a data breach. The penalty was in relation to a breach in August, when the company lost the personal information - including credit card details - of around 500,000 customers.

British Airways chairmen and CEO Alex Cruz said he was "surprised and disappointed" by the proposed  penalty, arguing that the airline had "responded quickly to the criminal act to steal customers data." CEO of IAG (BA's parent) also stated the company would appeal the fine, although the UK's Information Commissioner Elizabeth Denham said in a statement "The law is clear - when you are entrusted with personal data you must look after it."

The second major fine was levied against Marriot, who received a proposed fine of £99 million, which is in relation to a data breach that exposed the personal information of 339 million guests. The breach affected 7 million people in the UK, as well as 30 million residents of 31 countries in the European Economic Area (EEA). Mirroring BA's response, Marriot said it would appeal the fine and that it was disappointed with the notice.

At this stage the two fines are not yet finalised, allowing BA and Marriot to present additional material to regulators in order to further plead their case. However, the fines are a landmark development in the GDPR timeline, and a sign that the ICO is sending a big message to major firms. When comparing it to Facebook's ‘measly' £500,000 bill for its Cambridge Analytica gaffe, we see a glaring gap that just goes to show the weight that GDPR carries. This could indeed be the highly anticipated warning shot that precedes many other large penalties.

To continue reading...


« Will quantum technology transform the business world?


Seize the innovation opportunities that will emerge in the next recession »
Pat Martlew

Patrick Martlew is a technology enthusiast and editorial guru that works the digital enterprise beat in London. After making his tech writing debut in Sydney, he has now made his way to the UK where he works to cover the very latest trends and provide top-grade expert analysis.

  • Mail


Do you think your smartphone is making you a workaholic?