
British Airways fine for 2018 data breach reduced to £20 million

British Airways ultimately pays £20 million for 2018 data breach

The British Information Commissioner’s Office (ICO) reduced the penalty for British Airways for the data breach that took place in 2018. Initially, the fine was set at €204.6M (£183.39M) or 1.5% of British Airways’ revenues in 2018.

However, taking into consideration other factors and the recent COVID-19 situation and the effect it had on the airline industry, on 16 October 2020, the fine was ultimately reduced to £20 million or around €22 million.


Timeline of British Airways cyberattack and GDPR fines


British Airways data breach

In September 2018, British Airways suffered a data breach incident that involved user traffic to the British Airways website being diverted to a fraudulent site where personal information of approximately 400,000 customers and BA personnel was harvested by the attackers.

The company had inadequate security mechanisms to prevent such cyber-attacks from happening.

The ICO stated that a “variety of information was compromised by poor security arrangements at the company, including login, payment card, and travel booking details as well as name and address information.”

The attack was detected only in September 2018, 2 months after it started, due to the serious lack of security measures. The breach affected the personal data of customers and employees, including their names, addresses, login and password information, credit card numbers, and CVV numbers.

2019 notice of intent to fine British Airways

In July 2019, after a thorough investigation, the ICO issued a notice of its intention to fine British Airways €204.6M or £183.39M for violation of Article 5(1)(f) and Article 32 of the General Data Protection Regulation (GDPR).

According to the ICO’s official statement: “An ICO investigation found the airline was processing a significant amount of personal data without adequate security measures in place. This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months.”

In the meantime, the ICO and British Airways engaged in negotiations that allowed the two sides to plead their cases regarding the severity of the penalty, which in the end resulted in a reduced fine.

2020 decision to fine British Airways £20m for data breach

On October 16, 2020, the ICO finally issued a decision to set the fine at £20 million. However, the reasons behind the reduced fine are not related to the seriousness of the case, but rather to British Airways’ response to the situation, the economic impact, and the current situation around the coronavirus pandemic.

Information Commissioner Elizabeth Denham stated: “People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure. Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That’s why we have issued BA with a £20m fine – our biggest to date.”
