Mistakes can be costly, and British Airways has now well and truly learnt this lesson. After a mistake that led to a website failure, resulting in a data breach that left the personal information of about 500,000 customers exposed, British Airways is facing a record USD 230 million fine owing to the strict data policies in place within Europe. These strict policies, together known as the General Data Protection Regulation (GDPR), have been in existence since last year, when the regulation was instated by the European Union. The fine imposed on British Airways will be the biggest ever collected under the GDPR.
The statement released by the UK Information Commissioner’s Office explained that a loophole in the security, and apparently weak security altogether, had redirected visitors to a fraudulent page instead of the official British Airways website since 2018. It also stated that British Airways will get a chance to explain itself and protest against the fine. The leaked data included customers’ payment details, login credentials, and all the booking details. However, British Airways disclosed the entire breach three months later, in September 2018. Any company that breaches the GDPR is liable to be handed a fine of up to 4 per cent of its total annual revenue, and the USD 230 million fine amounts to about 1.5 per cent of the total annual revenue of British Airways. The company has stated, though, that it was surprised by the punishment and would oppose it, as it did everything it could to fight against the criminal data breach.
As for the GDPR, the high-standard privacy law has been in the spotlight ever since its inception. In the first year, the GDPR collected €56M, an indication of how big the recent fine on British Airways is. The law undertook 200,000+ investigations while managing to uphold 64,000 of them.