With this week’s news focused on big GDPR fines for British Airways and Marriott, we can only assume that more fines are on the way.
Our lawyers are fighting for justice in over 25 different data breach group and multi-party actions. That shows just how many big legal cases we’ve taken forward, and some of the incidents took place after GDPR was introduced last year. The BA Group Action is one of those, and the initial fine of £183m shows just how serious the Information Commissioner’s Office (ICO) is on punishing offenders.
With the likes of the Ticketmaster data breach and the Well Pharmacy incidents yet to involve penalties, we expect more big fines to be on the horizon.
More big GDPR fines on the horizon…
Many more big GDPR fines may be on the horizon. The new legislation allows for fines to be levied at up to 4% of a company’s global annual turnover. In the case of the British Airways data breach fine, theirs was understood to have been set at 1.5% of their 2017 global turnover, which amounted to £183m.
The provisional Marriott data breach fine is understood to have been set at £99m by the ICO.
We understand that the basis of the fines will account for the severity of the breach and whether more could – and should – have been done to have prevented the incidents.
Can the fines be disputed?
The initial fines that the ICO can provisionally put in place can be appealed. We understand that British Airways owner IAG is looking at a potentially appeal their £183m fine.
Marriott stated that they were “disappointed” with the ICO’s initial ruling, so they may also look to appeal theirs as well.
It’ll be interesting to see how the ICO responds to appeals. We would expect that any big GDPR fines will be disputed as companies look to try and save themselves money, especially when you consider that they can easily run into millions of pounds.
Will big GDPR fines affect claims for compensation?
A key question for the victims is how big GDPR fines tie in with claims for data breach compensation that we pursue for the victims.
Money from fines issued by the ICO will usually go to the treasury and is intended to be a punishment and a deterrent. Legal action that we pursue is usually a totally separate thing, and data breach compensation amounts are based on the impact as breach has on a victim.
Making a claim
For advice from our team about starting a legal case with us, you can contact the team seven days a week, including on evenings, throughout most of the year.
You can sign-up now for the pending British Airways Group Action by going here.