According to the DLA Piper: GDPR data breach survey 2020, more than 160,921 personal data breaches have occurred since the implementation of the General Data Protection Regulation (GDPR) law from May 25 2018, up until now. The biggest fines of the year are likely to be imposed on British Airways and Marriott International. This is to set out a precedent that no business big or small is free from the impact of GDPR. Data privacy matters and this is why both these names are on the ICO’s blacklist.
The issues are being reviewed in a court of law though. The total amount of fines issued due to non-compliance with GDPR is over £ 462 million. There are two main types of fines that are imposed. One is a lower level fine that is considered to be imposed on milder violations. The upper-level fine is imposed on higher-level serious violations. The lower level fine is up to £9 million, or 2% of the worldwide annual revenue from the previous year, whichever is higher in the given case. Whereas, the upper level is twice that size of around £18 million and 4% of the worldwide annual revenue (whichever is higher).
These fines are imposed on companies that may have overlooked the GDPR and the Data Protection Act 2008. This means that any company that has failed to protect their employees, customers or data subjects from any sort of data breaches, are answerable in a court of law. Under these circumstances, the two main cases that have emerged are British Airways and Marriott International. Both of these are under the jurisdiction of the UK’s independent regulator, Information Commissioner’s Office (ICO).
The fines are being predicted to be some of the biggest ones in history as the breaches and the inadequacy to protect the personal data of people has been huge. The negligence has surpassed any of the other organisations seen in the past. Before this, the highest fines were imposed on Google, TIM and the Austrian Post.
Google has been fined in many countries within the EU. The fines total up to a whopping £50 million. TIM and the Austrian Post have been fined in their respective countries through the Irish data protection watchdog and the Austrian data protection body.
Although this is only speculation. The ICO issued only a notice of its intention to fine Marriott International and intention to fine British Airways under GDPR for a data breach. The details are not final yet and the COVID-19 issues have only6 delayed this further due to the pandemic requiring immediate attention. Although it is essential to remember that data breaches often cause financial and serious physical harm to those whose privacy has been compromised. While data privacy crises do not equate to a health crisis, it is essential that we still keep an eye out for what’s going on in the vulnerable world of data security.
In July 2019, the ICO announced its intention to issue a £183.39 million fine to the British Airways for violation of Article 31 of the GDPR. The incident occurred in September 2018, when the British Airways website diverted users’ traffic to a hacker website. This resulted in hackers stealing the personal data of more than 500.000 customers.
In the same month of July of 2019, ICO issued another statement of their intent to fine Marriott International for infringements of the GDPR. in this breach, the data of 339 million guest records were exposed. This included several local and foreign citizens.
Now, to sum it up the ICO is likely to issue a verdict soon but, it seems like these are going to be the biggest headliners of the Data Privacy World in 2020 in terms of the numbers. Stay tuned for more!