British Airways Fine – What does the Outsourced DPO think about it all?

Two weeks ago the ICO published their rationale for levying fines for consultation, and last week fined British Airways £20m for the June 2018 breach. Opinions are mixed as to whether it is too low for a company of BA’s size, whose turnover in 2017 was £12.6bn, from which they made £1.4bn profit. A fine of £183m would have been 1.5% of 2017 turnover: the fine of £20m is 0.16%. As this was a breach of security, the penalty falls under both the standard maximum amount (SMA) of €10m or 2% and the higher maximum amount (HMA) of €20m or 4%, which is somewhat confusing! The ICO’s matrix of penalty starting points classifies a 0.16% fine as being of low seriousness and low/no culpability.

I fundamentally disagree with reducing fines for Covid.  Spreading the payments of a £183m fine would have been a better approach for a company like BA.  Shareholders should feel the impact so they put appropriate pressure on management to get on the front foot with data protection compliance.
