PL Risk Blog

British Airways Fallout

Written by Drew Smith | Jul 12, 2019 2:02:21 PM

British Airways is facing a record $229 million fine (183 million euros) as a result of a breach that triggered Europe’s General Data Protection Regulation (GDPR).

Passed in 2016 and in effect since May 2018, the GDPR was designed as an upgrade to previous privacy laws. As privacy concerns began to creep in, corporations based in or doing significant business in Europe were required to invest significantly in protecting their clients’ data. It allows customers to withhold their data and delete their own data at their request. If a breach were to happen, the company in question was to alert their customers within 72 hours and be subject to a significant fine.

British Airways appears to be the first major company to be fined under the new regulation. In September 2018, the airline announced that its login process had been compromised and revealed this to its customers within a day of it being discovered. Now, under the guidelines issued, British Airways is looking at a record fine of over 183 million euros. [1]

While the fine seems excessive for the first time implementing the penalty, it likely served to test the waters. With the next big breach, GDPR might come down harder on the company, especially if it's someone like Facebook. Implementing your security measures can save millions in fines later.

[1] https://www.forbes.com/sites/kateoflahertyuk/2019/07/08/british-airways-hit-with-record-fine-following-2018-cyberattack/#51aa511b1f8e