The £183m British Airways fine - how the ICO showed that they’re NOT playing when it comes to data breaches
Now that we’re all settled in and comfortable with GDPR, it’s easy to lapse into familiarity. It’s like when you have a new partner and you put on a few pounds once the honeymoon phase is over. You stop trying. Then BAM they tell you to get your arse to a gym or it’s over. This is how the massive fine given to British Airways by the ICO feels.
Let’s be honest, we probably all forgot about the threats that the ICO warned us about with the introduction of GDPR last year. Well, what happened last week with BA is enough to pull those bootstraps up so high you’ll be swinging from the ceiling. Thanks to a data breach of its security system that occurred last year, BA were hit with an eye-watering fine of £183 million. Yes, the ICO were NOT KIDDING when they foretold of fines equalling £10 million or 4% of annual turnover, whichever is highest, and gee whizz they didn’t pull any punches. (Well actually they sort of did, as this fine was only 1.5% of BA’s annual turnover. Imagine if they were hit with the full 4%?? Yikes!) The ICO mean BUSINESS.
So a bit of background - the incident in question took place when users of BA’s website were diverted to a fake site through which the details of approximately 500,000 customers were harvested by the attackers. The ICO deemed that BA, as an organisation, failed to protect their customers’ personal data from loss, damage or theft.
Elizabeth Denham, Information Commissioner, said:
“That’s why the law is clear - when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights”.
Coincidentally, Elizabeth Denham has joined my list of people I do not want to mess with.
So if all y’all were sleeping on GDPR and have put on a few proverbial pounds it’s time to WAKE UP and hit the gym to work on the ol’ GDPR compliance and data protection…yeah that metaphor sounded better in my head. Anyway, the message from the ICO is clear - if you’re not treating your customers’ data like the Ark of the Covenant then you can expect swift and severe retribution. Up until now, the highest fine has been given to Facebook and that was a measly £500k.
Scary huh? THAT’S THE POINT! I bet you’re rustling through those mental Filofaxes and mind maps trying to remember if you have all of the proper procedures in place, if your security systems are up to speed. And I bet you’re sweating even more if you work in a profession that holds way more sensitive data than most businesses; for example: payroll.
Luckily for those of you that do work in payroll, BrightPay have had all their ducks in a row and appreciated the importance and severity of GDPR regulations a long time ago. In the new world of GDPR, non-compliance will be a continuous threat to all businesses, and BrightPay specialises in payroll solutions that are literally tailored to help you with GDPR compliance, with features such as securely sending payslips, an employee self-service portal, end-to-end encryption and cloud-based storage, to name but a few.
There’s enough to worry about in this world: Did that cute guy on the bus catch me taking a picture of him? Are those wrinkles or am I just tired? Does my dog really know how much I love him? Don’t let GDPR compliance be another one - head over to www.brightpay.co.uk, put your feet up and enjoy one less thing to worry about.
BrightPay, WINNER of Payroll Software of the Year 2018, is a payroll and AE software that makes managing payroll easy. Our cloud add-on, BrightPay Connect, introduces powerful online features including an automated cloud backup, online annual leave management, client payroll entry and approval, and an employee self-service portal. Book a BrightPay Connect demo today to see how the cloud add-on can help you with GDPR compliance.
Written by Aoibheann Byrne | BrightPay Payroll Software