The European Commission is ready to impose a £183.4 million fine on British Airways for its failure to protect the personal details of 500,000 customers.
The penalty for a perceived violation of the General Data Protection Regulation (GDPR) would set a new record; the UK’s Information Commissioner confirms that since June 2018 the company’s weak security allowed user traffic to be diverted from its website to a fraudulent page.
The company, which admitted the failure in September 2018, is planning to contest the fine.
Under EU rules, any organization that holds or uses data on people inside the EU and fails to protect them can be fined up to 4% of its annual revenue. According to Information Commissioner Elizabeth Denham, “when you are entrusted with personal data you must look after it.”
To place the EU fine in perspective, before the GDPR came into effect, the UK’s Information Commissioner’s Office fined Facebook £500,000 for its role in the Cambridge Analytica scandal.