2 December, 2020
Angus J Allen

ICO announces £20m BA fine

Iceberg showing hidden dangers

On Friday 16th October, the UK’s Information Commissioner’s Office announced its long awaited fine of British Airways for breach of the GDPR following a cyber-attack in 2018. The final fine of £20 million is the largest fine issued by the ICO under the GDPR, although it has been reduced from £183.39m.

Key takeaways for organisations include: (1) reviewing the checklist of security measures expected by the ICO included in the penalty notice; (2) having in place well developed and tested response plans so that incidents are escalated with the appropriate degree of urgency; and (3) understanding that the cost of breaches extends well beyond regulatory fines and includes litigation brought by data subjects (which for BA is working its way through the courts).

Written by

Angus J Allen

Angus J Allen

Founder and CEO

Angus is Founder and CEO at Volemic. In this role, Angus oversees all aspects of Volemic's product development, operations and sales internationally. Before launching Volemic, Angus spent 20 years as a technology lawyer, banker and leader.

Related Articles

The Volemic View Blog

Subscribe via Email.


Subscribe to The Volemic View to receive the latest news and insights relating to data privacy, cybersecurity and making email trustworthy.

Thank you! You have been subscribed.