ICO fines BA £183m fines can be levied for administrative and governance failures, not just data security breaches. Are you doing enough in reviewing and implementing appropriate information security and privacy management controls to limit the potential impact to your organisation?

ICO fines BA £183m

There are enough articles out there regurgitating the news about the BA data breach which we aren’t going to repeat.  For us the message is simple, and let’s make no bones about it, the Commissioner has enhanced powers under DPA 18/GDPR and clearly intends to use them.

Prior to this fine, the record UK fine was a maximum £500,000 which was levied against Facebook and  Equifax.  The penalty, as we all know, is now up to 4% of turnover so could have been a lot worse for BA  than the £183M (representing 1.5% of the company’s 2017 global turnover). 

However, this figure is approximately 367 times greater than it would have been under the old DPA and, as BA may argue, only impacted circa 500,000 customers and not their whole database – that’s £367 per customer.

Whilst BA may well contest this fine, one thing is abundantly clear – the Commissioner will be using her increased powers so make sure all organisations have their house in order.

And don’t forget, fines can be levied for administrative and governance failures, not just data security breaches.  Are you doing enough in reviewing and implementing appropriate information security and privacy management controls to limit the potential impact to your organisation?

contact us, consultancy , services pci dss payment card security standard information security business continuity contact form , contact us about consultancy services

Published: