ICO announces its intention to fine British Airways £183.39M.
When the ICO recently announced its intention to fine British Airways £183.39M, closely followed by a further intention to fine Marriott £99m for cyber security breaches, we noticed.
With Facebook's data privacy issues hitting the headlines recently and fines being issued to other household names like EE and Uber, GDPR is becoming more of a reality. But don't be fooled into thinking that GDPR applies only to these types of business.
The ICO has issued penalties and prosecutions to businesses and individuals of all sizes and types across the UK this year alone, for breaches ranging from unlawful access to personal data to direct marketing and data sharing.
The message from the ICO in relation to the recent British Airways announcement was clear:
“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.” Elizabeth Denham (UK Information Commissioner)
Any business collecting, storing or using personal data needs to protect it. Your customers and employees are giving you something of value that belongs to them. They need to trust that you will remember that and take care of it. Your business and your reputation depend on getting that right.
Fines for a serious breach of GDPR can be up to €20M or 4% of your global annual turnover (whichever is higher), and whilst companies like BA and Marriott may well be in a position to absorb these costs, the consequences could be devastating for a smaller organisation.
So what can you do? As a starting point, don't bury your head in the sand. Be aware, be accountable and be prepared to respond to your responsibilities:
Understand what personal data is, how and why you use it, and how you protect it.
Understand your responsibilities for that data and the privacy rights of the individuals it belongs to.
Understand the principles of GDPR and what they mean for your business.