The ICO announced yesterday its intention to fine BA £183 million.
This will be the first fine imposed by the ICO since the GDPR came into force – it relates to a cyber security incident during 2018 which led to the names, addresses and payment card details of approximately 500,000 BA passengers being compromised. The ICO says that BA had failed to put in place appropriate measures to keep the personal data secure.
This is not a fine as yet. Before a fine is imposed, the ICO issues a notice of intent to fine a particular amount (in this case, £183m). BA now has the opportunity to make final representations in the hope of getting the amount reduced before it is imposed.
Laura Monro is a senior associate in the commerce & technology team at City law firm Fox Williams LLP and can be contacted at lmonro@foxwilliams.com