British Airways Fine – What does the Outsourced DPO think about it all?

Two weeks ago the ICO published their rationale for levying fines for consultation and last week fined British Airways £20m for the June 2018 breach. Opinions are mixed as to whether it is too low for company of BA’s size whose turnover in 2017 was £12.6bn from which they made £1.4bn profit. A fine of £183m would have been 1.5% of 2017 turnover: the fine of £20m is 0.16%. Being a breach of security the penalty falls both in the standard €10m or 2% maximum amount (SMA) as well as the €20m or 4% higher maximum amount (HMA) which is somewhat confusing! The ICO’s matrix of penalty starting points classifies a 0.16% fine as of low seriousness and low/no culpability.

I fundamentally disagree with reducing fines for Covid. Spreading the payments of a £183m fine would have been a better approach for a company like BA. Shareholders should feel the impact so they put appropriate pressure on management to get on the front foot with data protection compliance.

Cyber Security Services

PCI DSS

ISO 27001

Cyber Security Consultancy

Cyber Security Support

Pentesting

Data Protection Services

SAR Support

Data Protection Support

Outsourced DPO

Data Protection Consultancy

Information Management Software

GDPR Training

GDPR Audits

GDPR Representative

GDPR Documentation

Information Governance Framework

Information Rights Request

24/7 Support whenever you need it

British Airways Fine – What does the Outsourced DPO think about it all?