Last year saw the Information Commissioner鈥檚 Office hand out more than just a 鈥榮lap on the wrist鈥 with companies such as Facebook and Equifax receiving fines of up to 拢500,000 for data breaches. However, earlier this week, both British Airways and Marriott International received proposed fines of 拢184m ($230m) and 拢99m ($125m) respectively, following the introduction of the EU鈥檚 General Data Protection Regulation (GDPR) in May 2018.
Prior to May 2018, the UK followed the Data Protection Act 1998, in which the maximum fine equalled 拢500,000. But with the introduction of the GDPR companies can now be liable to pay penalties of up to 4% of their turnover.
The large fines have been proposed for the following:
Although the announced fines are only proposed and not final, they act as a stark reminder and lesson to companies to not only ensure they are data compliant, but also check the third parties they are using.
Andr茅 Baywater, Partner at Cordery Breach Navigator, also noted in an article for : 鈥淥rganizations clearly need to undertake thorough due diligence when making a corporate acquisition鈥or example, during the due diligence process, a buyer will need to investigate the target business鈥 data protection compliance, including its security systems, and when negotiating a share purchase agreement or asset purchase agreement including post-migration of personal data.鈥
As revealed by the British Airways and Marriott breaches, it can be very difficult to stay protected and compliant. Not only are data breaches complex business events, but they also can have far-reaching financial and reputational consequences鈥攕o staying compliant and managing incidents well is essential.
gives you the expertise, discipline and support to help you make the right decisions on risk and GDPR reporting requirements. Applicable for organisations of all sizes, the tool is there to support Data Protection Officers (DPOs) who are tasked with designing and implementing processes that can respond to a dynamic set of risks and instil confidence in senior management. The powerful software tool combines legal expertise with clever software to help DPOs and their teams deal with potential and actual data breaches in a consistent, informed manner using the very latest best-practice techniques.
For more information on GDPR see Lexis庐PSL Practice Note on . Click here for a free trail.
Click to explore the full capabilities of our Cordery tool.
* denotes a required field
Hannah is one of the Future of Law blog鈥檚 digital and technical editors. She graduated from Northumbria University with a degree in History and Politics and previously freelanced for News UK, before working as a senior news editor for 老司机午夜福利.
0330 161 1234