British Airways vs. ICO: Why Protecting Data is Important

The Equality Act 2010: Dealing with Conflicting Protected Characteristics
July 5, 2019
Extending Statutory Sick Pay to Low-Paid Employees
July 18, 2019

British Airways vs. ICO: Why Protecting Data is Important

Protecting Data is vitally important for businesses. With the GDPR and the Data Protection Act 2018 now in place for just over a year, the ICO is clamping down on businesses who fail to observe rules and regulations. An example of this is British Airways who leaked customers personal data as a result of a hack.

British Airways

British Airways faces a record fine of £183m over a 2018 data breach which exposed the personal details of thousands of customers. The fine, the biggest penalty handed out by the Information Commissioner’s Office (ICO) and the first to be made public under new rules, is the equivalent of 1.5% of BA’s worldwide turnover in 2017. BA previously claimed approximately 380,000 transactions were affected by the computer hack.

Fines for Data Breaches

GDPR  has introduced a duty for all organisations to report certain types of personal data breach to the ICO within 72 hours of becoming aware of the breach where feasible. Failing to notify a breach when required to do so can result in a significant fine up 20 million Euros or 4% of turnover (whichever is greater). The following is a non-exhaustive list of GDPR provisions which may attract a top level fine:• Failing to obtain consent to keep personal data;

• infringement of the rights of data subjects;
• international transfers of personal data (Outside the EU); and
• failure to implement or adhere to a subject access request process.

For minor breaches, companies can still be fined 10 million euros or 2% of your global turnover. it’s important to make sure you have a robust breach-reporting process in place to ensure you detect and can notify a breach, on time; and to provide the necessary details.

Not only can a breach of data cost a business heavily financially, but it can also severely damage your organisations reputation. If you are worried that your organisation is in breach of the Data Protection Act or require more information about how to make sure you are compliant with the Data Protection Act call: 01633246666 or email:

For other guidance visit: