Exemplary cooperation between European data protection authorities, CNIL underlines
CNIL, the French DPA, comments on the recent fines issued by the UK DPA (the ICO) against Marriott and British Airways which are, so far, the highest fines ever issued for GDPR violations. The CNIL underlines on its website that in application of the cooperation mechanism provided for by the GDPR, the “one-stop shop”, the ICO draft decisions were sent to other European data protection authorities and hence were carefully examined by the CNIL.
ICO fines British Airways £20m for data breach affecting more than 400,000 customers
The website of the Information Commissioner’s Office (ICO) reports that the Authority has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.
An ICO investigation found the airline was processing a significant amount of personal data without adequate security measures in place. This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months.
ICO investigators found BA ought to have identified weaknesses in its security and resolved them with security measures that were available at the time.
British Airways may have another security problem already
ICO statement: Intention to fine British Airways £183.39m under GDPR for data breach
Page 1 of 1