CW+ Premium Content/Computer Weekly

Thank you for joining!
Access your Pro+ Content below.
27 October 2020

BA breach penalty sets new GDPR precedents

The fall-out from the 2018 data breach that saw the information of hundreds of thousands of British Airways (BA) customers stolen has not yet fully settled, but a significant milestone along the way was reached on 16 October 2020, when the Information Commissioner’s Office (ICO) announced that its proposed fine of £183m would be reduced to just £20m, but the decision has far-reaching implications for future victims and regulators under the General Data Protection Regulation (GDPR). In a 114-page document detailing its decision the ICO set out a litany of cyber security failings at BA but recognised its swift and appropriate response once it was notified of the incident. Its decision also acknowledged the impact of the Covid-19 pandemic on the airline’s financial situation. Byrony Long, a partner at law firm Lewis Silkin, described the reduction in the fine as a win for BA, considering the magnitude of the security failings that took place there. “This decision just demonstrates there is clear room for manoeuvre once an ICO ...

Features in this issue

Data Center
Data Management