Record-breaking GDPR fine for British Airways

The Information Commissioner's Office has levied an unprecedented GDPR fine on British Airways - 366 times higher than Facebook's Cambridge Analytica penalty.




British Airways was found to have neglected its duty to protect the personal data of its customers, after around half a million customers had their personal data compromised last June.

The information harvested through a fraudulent site included:

  • Names
  • Credit card numbers
  • Email addresses and contact details


Under the terms of the General Data Protection Regulation, which went live in May 2018, British Airways has been slapped with an eye-watering £183m fine for failing to disclose details of the breach to the Information Commissioner's Office.

And the ICO could have gone even further.

Businesses in breach of the GDPR can be fined 4% of their annual global turnover - so British Airways could legally have faced a £488m penalty.


Qualsys found only 1% of businesses were fully prepared for the GDPR in the run-up to its live date last year. 

British Airways's financial punishment shows that major corporations are still neglecting their information security processes - and another GDPR news story is inevitable.


Next steps


Watch our GDPR internal awareness training video to learn what you should be doing for GDPR compliance.

Or access our GDPR toolkit for more resources.

