Search Our Site

We have 3,619,935 registered online learners.
262 new learners so far today.

Record £183m Fine Set to Hit British Airways After Data Breach

schedule 11th July 2019 by Virtual College in Virtual College

British airways data breach

Why are British Airways being Fined?

After a data breach of the details of around 500,000 customers, IAG-owned British Airways (BA) are facing the possibility of receiving a record fine of £183.39 million, the largest ever given by the Information Commissioner’s Office (ICO).

According to BA, the company came under a ‘sophisticated, malicious criminal attack’ which resulted in the theft of customer data. Customers intending to use the BA website were instead taken to a fake website where they entered their details which were harvested by hackers. Personal and financial data was stolen with names, banking details and billing addresses all at risk but passport details remained secure. The prolonged attack is thought to have begun in June 2018 with BA submitting their incident findings in September 2018 to the ICO.

What is GDPR?

On a basic level, the GDPR is designed as a direct replacement for the Data Protection Act, which was introduced in 1995 as a UK equivalent to the EU's 1995 Data Protection Directive.

Affecting all UK companies that collect or process personal information on EU citizens, the new laws are intended to help protect the privacy and rights of individual consumers, giving data subjects more clearly delineated rights regarding what data is held about them, how it can be used, and when it should be deleted.

Although the new law reduces the overall number of principles from eight to six, the revamped regulations will be much broader in scope than the existing ones, handing the consumer greater control over their own personal data, and imposing harsh penalties on organisations that fail to comply.

Still in the dark about GDPR? Click here and check out all of our GDPR resources.

How does GDPR impact this breach?

The data breach and subsequent data loss were both found by the data watchdog to be infringements of the General Data Protection Regulation (GDPR), which came into force on May 25th 2018. The organisation claimed that the stolen information was 'compromised by poor security arrangements at British Airways'.

Information Commissioner Elizabeth Denham explained: ‘When an organisation fails to protect [personal data] from loss, damage or theft, it is more than an inconvenience. That’s why the law is clear - when you are entrusted with personal data you must look after it.’.

The fine is the biggest since the GDPR came into law, overtaking the record set by the £500,000 fine handed out to Facebook in October 2018 after the Cambridge Analytica privacy case affecting nearly 87 million users.

This is not the maximum charge that could have been levied, however. Breaches of GDPR can carry penalties of up to 4% of the offending company’s annual turnover. The £183m makes up just under 1.5% of British Airways’ turnover for 2017, the year before the scandal.

How has British Airways responded?

BA is expected to appeal the fine, with their chairman Alex Cruz stating that the company was ‘surprised and disappointed’ with the ICO’s penalty. Willie Walsh of the IAG continued: ‘British Airways will be making representations to the ICO in relation to the proposed fine. We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.’

Why is this fine so important?

It is thought by many that the significance and weight of this fine could be the first step in pushing major companies into treating the GDPR seriously, particularly when the data breach concerns so many people.

BA has 28 days to appeal the finding.

At Virtual College, we understand the importance of GDPR, and the serious implications of a company not being compliant. Therefore, we offer comprehensive GDPR courses to businesses to help them avoid a similar situation.

GDPR offer banner


Related resources

Virtual College Logo

Author: Virtual College

The latest training news brought to you by Virtual College. We create innovative digital learning experiences that inspire people to develop the skills they need to thrive in their careers; enhancing and enriching the organisations they work in. For 24 years, we have been developing and supplying collaborative, customer-focused e-learning technology for organisations world-wide.

CPD
investors-in-people-silver
ISO 9001:2015
bcs-accredited-training-partner
Crown Commercial Service Supplier
LPI Accredited Learning Technologies Provider

Contact

+44 (0)1943 605 976

Virtual College

Marsel House

Ilkley

West Yorkshire

LS29 8DD

Awards for footer
Gold and silver award winners at the Learning Technologies Awards 2017 - including gold for excellence in the design of learning content.

Login

We are in the process of moving to one Virtual College website. If you want to go back to a course, or start a course, bought from our old website then you may need to login to our original learning management system. Otherwise, please proceed to our new learning management system to return to your training.

LMS

You are already logged in. Click the button below to be taken to your LMS dashboard. Alternatively, click logout to leave the system.