top of page

British Airways faced a possible record fine of US$230 mil under the GDPR for a data breach

Another wake up call for organisations in Malaysia.

IAG, the parent company for British Airways issued a statement stating that the UK Information Commissioner’s Office intends to issue the airline with a penalty notice under the UK Data Protection Act, totalling to £183.39 million or US$230 mil.

Organisations in the UK are subject to EU's GDPR and the GDPR forces companies to make sure the way they collect, process and store data is safe. Any organization that holds or uses data on people inside the European Union is subject to the rules, regardless of where it is based. Companies that breach the law can be fined up to 4% of their annual revenue. The £183.4 million ($230 million) fine is roughly 1.5% of British Airways' annual revenue.

The Information Commissioner's Office has become an increasingly prominent regulator in the digital space. It fined Facebook £500,000 ($626,000) last year over the Cambridge Analytica scandal, the maximum allowed before GDPR came into force.  


bottom of page