“The £183 million fine imposed by the ICO on British Airways (BA) in relation to a data breach last year represents 1.5 percent of its global turnover and is a significant milestone in the award of penalties under the GDPR.
“Although the fine, which BA plans to appeal, is severe and the largest since the new regulations were introduced just over a year ago, it could have been much greater as the maximum of 4 percent would have seen this levied at £488 million. Is the reduction due to the mitigation, the cooperation with the regulator or the ICO being cautious about the amount of fines imposed at this early stage?
“The potential fine of £183 million is not the only concern for the board of BA. The class action launched last year for affected people could amount to in excess of £500 million, a case that will be closely watched by the data protection community as it will set the benchmark for these types of claims.”GDPR: One year on and wheres it gone?