CW+ Premium Content/Computer Weekly
Access your Pro+ Content below.
BA breach penalty sets new GDPR precedents
This article is part of the Computer Weekly issue of 27 October 2020
The fall-out from the 2018 data breach that saw the information of hundreds of thousands of British Airways (BA) customers stolen has not yet fully settled, but a significant milestone along the way was reached on 16 October 2020, when the Information Commissioner’s Office (ICO) announced that its proposed fine of £183m would be reduced to just £20m, but the decision has far-reaching implications for future victims and regulators under the General Data Protection Regulation (GDPR). In a 114-page document detailing its decision the ICO set out a litany of cyber security failings at BA but recognised its swift and appropriate response once it was notified of the incident. Its decision also acknowledged the impact of the Covid-19 pandemic on the airline’s financial situation. Byrony Long, a partner at law firm Lewis Silkin, described the reduction in the fine as a win for BA, considering the magnitude of the security failings that took place there. “This decision just demonstrates there is clear room for manoeuvre once an ICO ...
Features in this issue
-
CDO interview: Pets at Home uses data analytics to further petcare ‘ecosystem’
Robert Kent, chief data officer for Pets at Home, describes how he has built a data analytics team and technology stack to enhance the petcare company’s understanding of its customers
-
BA breach penalty sets new GDPR precedents
The 90% reduction in the fine levied on BA over a 2018 data breach has legal experts talking about the ramifications for the future of data protection