UK ICO Data Breach Fines – What Can We Learn From British Airways and Marriott?
December 17, 2020
In July 2019, the UK Information Commissioner’s Office (ICO) issued two notices of intent (NOIs) to fine British Airways (BA) and Marriott International Inc. for violations of the EU General Data Protection Regulation (GDPR), both related to high-profile personal data breaches.
The NOIs proposed staggering fines of £183.39 million and £99.2 million, respectively, which would have constituted the largest penalties levied under the GDPR to date. More than a year later, the UK ICO finally issued the long-awaited penalty notices in relation to both investigations, imposing in both cases fines that, while still significant, were greatly reduced from what had initially been indicated – £20 million in the case of BA (a massive reduction of more than £163 million), and £18.4 million in the case of Marriott (an equally surprising reduction of more than £79 million).
Click here to continue reading on the Cleary Cybersecurity and Privacy Watch blog.