The EU’s General Data Protection Regulation or GDPR enforced stringent measures for online data security. Those who find themselves on the wrong side of the law will be subject to substantial fines. That has been the case for British Airways which has been hit with a record $230 million fine under GDPR by the Information Commissioner’s Office in the UK.
British Airways suffered a security breach last year which was disclosed by the airline in September. Visitors were diverted to a fraudulent website where their personal details like name, billing and email address as well as payment information was stolen. Some 500,000 people were impacted by it.
ICO, the UK’s data privacy regulator, has now levied its highest fine ever on British Airways to the tune of £183.39 million or $230 million after it was found to have failed to protect customers’ data. ICO said that this incident was the result of “poor security” at BA.
With the GDPR now in place, the fine has been substantial for the airline, it amounts for 1.5 percent of BA’s global turnover for the year. Airlines already run on slim margins so a $230 million fine is certainly going to sting.
British Airways chairman and chief executive Alex Cruz says that “We are surprised and disappointed in this initial finding from the ICO. British Airways responded quickly to a criminal act to steal customers’ data,” adding that the airline intends to appeal the decision. The ICO says that it will consider the appeal before it makes a final decision.
Filed in .. Source: ico.org.uk