Just over a year after GDPR – the EU General Data Protection Regulation – came into force, the UK’s Information Commissioner’s Office (ICO) seems to be celebrating by meting out nearly £300m in fines to two large companies this week.
On Monday 8th July, British Airways – owned by parent company IAG – was fined £183m. While not quite the maximum four per cent of annual revenue that represents the full extent of the ICO’s power with GDPR, this fine is still a record breaker. A simple site diversion hack, planted on BA’s website and disclosed by the company in September 2018, had duped 500,000 customers into surrendering their personal data to digital fraudsters.
On Tuesday 9th July, the ICO followed up by announcing that the Marriott hotel group was to be fined £99.2m following its admission in November 2018 that 339 million records of its guest data – including credit card details, passport numbers and dates of birth – had been stolen outright by intruders.
Both companies are paying dearly for failing their core duty towards customers – protecting their personal data. Reflecting on the severity of the fines, Tony English, CEO of UK cyber security specialist Axial Systems, said:
“Due to the new powers of the ICO, this is a step change in approach. Any business should ensure they have the right technology and tools in place to protect their systems.
“The ICO is now showing its commitment to carrying out its GDPR duty, and BA and Marriott’s penalties should serve as firm precedents – and very real warning – for other companies contravening data law, as well as the level of basic service they owe their customers.”
Axial Systems can provide a full security assessment of your organisation using the latest innovative technologies – with features not available anywhere else in the UK – helping put in place the necessary protection to ensure you are not the next BA or Marriott.
As one of the UK’s leading network solution providers and system integrators, Axial Systems works with best-of-breed vendor partners from across the world to maximise the secure, efficient running of our clients’ networks.