The British Airways (BA) data breach which saw hundreds of thousands of customers’ data stolen has not yet fully settled. However a significant milestone along the way was reached with the announcement of the reduction of the proposed £183m fine to just £20m by the ICO (Information Commisioners’ Office). This decision has far-reaching implications.
She says, “The UK ICO guidelines have always been clear that their GDPR fine regime would take into account the affordability of a penalty and its economic impact on a business. Given the enormous repercussions of the pandemic on the travel and aviation sector, a significant fine reduction doesn’t come as a surprise.”
“These headlines, and the perception of backtracking, could begin to undermine the credibility of the ICO, leading consumer groups and others to question its efficacy”.