BA has been fined £20m by the ICO for a cyber-attack that took place in 2018. Following the incident, hackers were able to gather BA customers’ personal information, including bank details, for two months before the breach was discovered.
Initially, the ICO said it intended to issue an eye-watering £183m fine but it took into account the economic impact of COVID-19. Still, £20m is the largest fine issued by the ICO and is the result of increased powers to fine higher amounts following the introduction of the Data Protection Act 2018 and the GDPR.
We have highlighted a 10-point GDPR checklist to get you started here but compliance is ongoing. Despite the fine not being as high as anticipated, BA will no doubt still feel the pinch. Here's the full story if you'd like to read more.
Please get in touch by email at firstname.lastname@example.org if you'd like more tips or advice about your compliance processes.