{"id":5173,"date":"2019-07-09T08:46:47","date_gmt":"2019-07-09T07:46:47","guid":{"rendered":"https:\/\/www.conferencecall.co.uk\/blog\/?p=5173"},"modified":"2019-07-09T08:52:50","modified_gmt":"2019-07-09T07:52:50","slug":"record-gdpr-fine-for-ba","status":"publish","type":"post","link":"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/","title":{"rendered":"Record GDPR fine for BA"},"content":{"rendered":"

British Airways (BA) is on the receiving end of a GDPR fine of \u00a3183m from the Information Commissioner’s Office (ICO), following a 2018 security breach.<\/p>\n

This is the biggest fine ever handed out by the independent body set up to uphold information rights, and the first to be made public under new rules.<\/p>\n

<\/p>\n

Why has BA been fined?<\/h2>\n

The BA security breach compromised the data of about half-a-million customers, who were diverted from BritishAirways.com to a fraudulent website which took all manner of details, including names, addresses, log in, payment card, and travel booking details as well name and address information. <\/p>\n

The ICO said the incident took place after users of British Airways’ website were diverted to a fraudulent site. Through this false site, details of around 500,000 customers were harvested by the attackers, the ICO said.<\/p>\n

Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience.<\/p>\n

“That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”<\/p>\n

What is GDPR<\/h2>\n

GDPR, or General Data Protection Regulation<\/em>, is data protection legislation designed to change how businesses and public sector organisations can use and handle customer information, and give individuals greater control over how organisations contact them and use their data.<\/p>\n

It came into force across the EU on May 25, 2018, and will remain part of UK legislation even if the UK leaves the EU with no deal<\/a>.<\/p>\n

For more information on GDPR, check out our small business guide to GDPR<\/a>.<\/p>\n

Why has BA been fined so much?<\/h2>\n

BA’s \u00a3183.39 million fine is far and away the biggest ever for a data breach. This could be because the rule changes meant companies can be charged a lot more than in the past – before GDPR, the maximum fine that could be issued under the Data Protection Act was \u00a3500,000, it’s now \u20ac20 million of 4% of a company’s global turnover.<\/p>\n

Although a severe breach, it seems BA’s record fine is down to bad timing, especially when you consider the levels of fine that have been issued to big companies in the past.<\/p>\n

What are the biggest fines for a data breach?<\/h3>\n\n\n
Year<\/strong><\/td>Company<\/strong><\/td>Fine<\/strong><\/td><\/tr>
2019<\/td>British Ariways<\/td>\u00a3183.39 million<\/td><\/tr>
2018<\/td>Equifax<\/td>\u00a3500,000<\/td><\/tr>
2018<\/td>Facebook<\/td>\u00a3500,000<\/td><\/tr>
2018<\/td>Uber<\/td>\u00a3400,000<\/td><\/tr>
2018<\/td>Carphone Warehouse<\/td>\u00a3400,000<\/td><\/tr>
2016<\/td>Talk Talk<\/td>\u00a3400,000<\/td><\/tr>
2012<\/td>Sussex Hospitals NHS Trust<\/td>\u00a3350,000<\/td><\/tr>
2018<\/td>Crown Prosecution Service<\/td>\u00a3325,000<\/td><\/tr>
2018<\/td>Yahoo<\/td>\u00a3250,000<\/td><\/tr>
2013<\/td>Sony<\/td>\u00a3250,000<\/td><\/tr>
2012<\/td>Scottish Borders Council<\/td>\u00a3250,000<\/td><\/tr><\/tbody><\/table>\n\n\n

\"\"<\/a><\/p>","protected":false},"excerpt":{"rendered":"

British Airways (BA) is on the receiving end of a GDPR fine of \u00a3183m from the Information Commissioner’s Office (ICO), following a 2018 security breach. This is the biggest fine<\/p>\n

Read MoreRecord GDPR fine for BA<\/span><\/a><\/div>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[40,13,17],"tags":[41,31,42],"yoast_head":"\nRecord GDPR fine for BA - ConferenceCall.co.uk blog<\/title>\n<meta name=\"description\" content=\"BA has been hit with a record GDPR fine of \u00a3183m for a data breach. Why has it been hit so hard, and what are the biggets data breach fines, ever?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Record GDPR fine for BA - ConferenceCall.co.uk blog\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/\" \/>\n<meta property=\"og:site_name\" content=\"ConferenceCall.co.uk blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/pages\/Conference-Call-UK\/178511498997826\" \/>\n<meta property=\"article:published_time\" content=\"2019-07-09T07:46:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-07-09T07:52:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.conferencecall.co.uk\/blog\/wp-content\/uploads\/2019\/07\/british-airways-plane-being-loaded-with-cargo-against-grey-cloudy-sky.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Les Roberts\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@LesRobertsMedia\" \/>\n<meta name=\"twitter:site\" content=\"@ConfCallUK\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Les Roberts\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/\",\"url\":\"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/\",\"name\":\"Record GDPR fine for BA - ConferenceCall.co.uk blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.conferencecall.co.uk\/blog\/#website\"},\"datePublished\":\"2019-07-09T07:46:47+00:00\",\"dateModified\":\"2019-07-09T07:52:50+00:00\",\"author\":{\"@id\":\"https:\/\/www.conferencecall.co.uk\/blog\/#\/schema\/person\/fd51b09e17d75360ba18197c2c1c535b\"},\"description\":\"BA has been hit with a record GDPR fine of \u00a3183m for a data breach. Why has it been hit so hard, and what are the biggets data breach fines, ever?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.conferencecall.co.uk\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Record GDPR fine for BA\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.conferencecall.co.uk\/blog\/#website\",\"url\":\"https:\/\/www.conferencecall.co.uk\/blog\/\",\"name\":\"ConferenceCall.co.uk blog\",\"description\":\"Conference calling made easy\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.conferencecall.co.uk\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.conferencecall.co.uk\/blog\/#\/schema\/person\/fd51b09e17d75360ba18197c2c1c535b\",\"name\":\"Les Roberts\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.conferencecall.co.uk\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d887807fb3eaf5e8705c4d4f1328df3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d887807fb3eaf5e8705c4d4f1328df3e?s=96&d=mm&r=g\",\"caption\":\"Les Roberts\"},\"sameAs\":[\"https:\/\/twitter.com\/LesRobertsMedia\"],\"url\":\"https:\/\/www.conferencecall.co.uk\/blog\/author\/les\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Record GDPR fine for BA - ConferenceCall.co.uk blog","description":"BA has been hit with a record GDPR fine of \u00a3183m for a data breach. Why has it been hit so hard, and what are the biggets data breach fines, ever?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/","og_locale":"en_GB","og_type":"article","og_title":"Record GDPR fine for BA - ConferenceCall.co.uk blog","og_url":"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/","og_site_name":"ConferenceCall.co.uk blog","article_publisher":"https:\/\/www.facebook.com\/pages\/Conference-Call-UK\/178511498997826","article_published_time":"2019-07-09T07:46:47+00:00","article_modified_time":"2019-07-09T07:52:50+00:00","og_image":[{"width":1024,"height":512,"url":"https:\/\/www.conferencecall.co.uk\/blog\/wp-content\/uploads\/2019\/07\/british-airways-plane-being-loaded-with-cargo-against-grey-cloudy-sky.png","type":"image\/png"}],"author":"Les Roberts","twitter_card":"summary_large_image","twitter_creator":"@LesRobertsMedia","twitter_site":"@ConfCallUK","twitter_misc":{"Written by":"Les Roberts","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/","url":"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/","name":"Record GDPR fine for BA - ConferenceCall.co.uk blog","isPartOf":{"@id":"https:\/\/www.conferencecall.co.uk\/blog\/#website"},"datePublished":"2019-07-09T07:46:47+00:00","dateModified":"2019-07-09T07:52:50+00:00","author":{"@id":"https:\/\/www.conferencecall.co.uk\/blog\/#\/schema\/person\/fd51b09e17d75360ba18197c2c1c535b"},"description":"BA has been hit with a record GDPR fine of \u00a3183m for a data breach. Why has it been hit so hard, and what are the biggets data breach fines, ever?","breadcrumb":{"@id":"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.conferencecall.co.uk\/blog\/record-gdpr-fine-for-ba\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.conferencecall.co.uk\/blog\/"},{"@type":"ListItem","position":2,"name":"Record GDPR fine for BA"}]},{"@type":"WebSite","@id":"https:\/\/www.conferencecall.co.uk\/blog\/#website","url":"https:\/\/www.conferencecall.co.uk\/blog\/","name":"ConferenceCall.co.uk blog","description":"Conference calling made easy","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.conferencecall.co.uk\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.conferencecall.co.uk\/blog\/#\/schema\/person\/fd51b09e17d75360ba18197c2c1c535b","name":"Les Roberts","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.conferencecall.co.uk\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d887807fb3eaf5e8705c4d4f1328df3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d887807fb3eaf5e8705c4d4f1328df3e?s=96&d=mm&r=g","caption":"Les Roberts"},"sameAs":["https:\/\/twitter.com\/LesRobertsMedia"],"url":"https:\/\/www.conferencecall.co.uk\/blog\/author\/les\/"}]}},"_links":{"self":[{"href":"https:\/\/www.conferencecall.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5173"}],"collection":[{"href":"https:\/\/www.conferencecall.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.conferencecall.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.conferencecall.co.uk\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.conferencecall.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=5173"}],"version-history":[{"count":5,"href":"https:\/\/www.conferencecall.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5173\/revisions"}],"predecessor-version":[{"id":5181,"href":"https:\/\/www.conferencecall.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5173\/revisions\/5181"}],"wp:attachment":[{"href":"https:\/\/www.conferencecall.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=5173"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.conferencecall.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=5173"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.conferencecall.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=5173"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}