2. The ICO's earlier off-the-cuff line about 'not adding zeroes to earlier fines' may not be quite right... £183m, if issued, is a step change. Whilst the easy number to remember with GDPR was 20m Euros, the wording of the legislation allows the maximum fine to be up to 4% of global turnover, if higher. The proposed fine here is, I think, about 1-2% of BA's turnover, which is about £12bn. For high turnover, low margin businesses (or the public sector) this is a risk - although 'ability to pay' and 'knock on effects' are factors the ICO will take into account in setting the penalty.

3. ...but per affected data subject, the proposed fine is not so far removed from some earlier action (about £366 per person here, based on about 500,000 affected data subjects). Some high-impact incidents under the 'old' regime attracted far higher fines per affected data subject (for instance GMP losing some unencrypted DVDs of interviews with victims of crime). The BA incident was high volume/low potential impact in the great scheme of things - whereas GMP was low volume/high potential impact. The regulatory regime as changed by GDPR is better able to address such situations for large businesses engaging with lots of individuals.

4. Prevention will remain better than cure. I wonder how much BA spends on its cyber security position relative to £183m. An organisation that can show it has made heavy investment may influence the ICO's thinking at the investigations stage.

5. It isn't over yet. As regards the proposed fine, there is now a window for formal representations, and BA can then appeal against any eventual fine. Meanwhile, a class action suit is also in the offing - with some suggestions to the value of £500m (and accepting the fine will open the door wider on this). I think this case will also be a practice run for the ICO for their future GDPR enforcement strategy.

Following an extensive investigation the ICO has issued a notice of its intention to fine British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR).