Click to open contact form.
Your Global Partners in the Business of Innovation

UK Privacy Regulator Dramatically Reduces Fine for British Airways’ GDPR Violations

Publications / November 01, 2020

Article written by Haim Ravia, Dotan Hammer and Adi Shoval

The UK Information Commissioner’s Office (“ICO”) announced a dramatic 90% reduction in the fine imposed on British Airways amid its data breach, from £183.39 million to £20 million.

The ICO published its original intent to impose the fine following an investigation that ultimately concluded that British Airways had violated its data security duties under the GDPR and that its violations prompted a data breach that compromised the data of about 500,000 of the company’s customers, including their names, addresses, flight information, and credit card information.

Approximately a year following the ICO’s initial statement, the British privacy regulator now decided to significantly reduce the fine, explaining that the company had promptly responded to the breach, notified the affected data subjects, and significantly cooperated with the ICO’s investigation. The ICO also explained that the reputational damage that British Airways sustained following the publication of the breach, as well as the financial difficulties that it faces this year due to the Coronavirus crisis, also were taken into consideration in the decision to reduce the fine.

CLICK HERE to read the ICO’s decision.

MEDIA HIGHLIGHTS