Huge fines being threatened by the ICO in two landmark cases
July 16th 2019
Joanne Stronach, Head of Employment & HR, gives her views on a recent headline.
The ICO has issued a ‘Notice of Intention’ (NOI) to fine British Airways a huge £183.39 million for GDPR infringements. It is for a breach that took place last September, in which personal data of approximately 500,000 BA customers was compromised.
The ICO has also issued an NOI to fine Marriott £99 million for a cyber incident in which approximately 339 million records were made available, of which 7 million were for UK residents. That has to hurt both in terms of money and reputation.
So what happens next? The companies have twenty-one calendar days, from the date of the NOI, to make representations to the ICO’s office. The ICO has confirmed it will also consider representations made by other data protection authorities before it makes any final decision on penalties. The penalty will then be confirmed in a ‘Monetary Penalty Notice’ (MPN), which will include any aggravating and mitigating factors the ICO has taken into account. The companies will then have to pay any fine within a specified period of up to 28 days. Alternatively, they may appeal within 28 days. British Airways has already said it will vigorously defend its position.
“It is going to be an interesting month or so,” says Joanne.