British Airways GDPR Breach

18th July, 2019

British Airways, once renowned for being the UK’s largest international airline, has been issued with a record-breaking GDPR fine by the Information Commissioner’s Office (ICO). The £183.39M fine follows a breach in security systems between late August and early September 2018.

As a result of their “poor security arrangements”, personal data from half a million British Airways customers was stolen. The ICO declared that hackers accessed customer names, addresses, credit card information and details of their travel bookings.

British Airways chairman Alex Cruz expressed how “surprised and disappointed” the airline was by the ICO’s decision to fine British Airways 1.5% of the company’s 2017 revenue.


The importance of GDPR to employers and their employees

Updated data protection legislation came into force in May 2018, including the General Data Protection Regulations (‘GDPR’) and the Data Protection Act 2018 (‘DPA 2018’). Fundamentally, the reformation allowed EU citizens to have more control over their data.

UK companies are obliged to comply with the DPA 2018. Personal data is information that relates to an identified individual; this will generally be processed electronically and held by a public authority. However, the introduction of GDPR also meant new responsibilities for employers and their employees.

Following the recent changes, it is now vital for employers to make sure that all personal data, particularly sensitive information such as healthcare matters (which is now collectively referred to as special category data), is carefully secured.


Considerations for employers

It is a legal obligation for employers to comply with the DPA 2018. As a reminder to all businesses, it is necessary for employers to provide employees with detailed information regarding:

  • what type of data they will be holding;
  • how long their data is going to be held;
  • whether the data is going to be transferred to other organisations and other countries;
  • the right to make a subject access request; and
  • the right to have personal data deleted or rectified in certain instances.

Organisations should have a clear and thorough retention policy for holding personal data. Such data must not be held for longer than is required. Employers will also have a responsibility to ensure the retention policy is easily accessible for the employees.


What to do if there is a personal data breach?

The new data protection legislation imposed a new breach notification requirement. If you believe there has been a personal data breach which is likely to endanger the rights and freedoms of an individual, it is essential that you inform the ICO within 72 hours.

The individual concerned shall also be notified if it is considered that the breach is likely to result in a high risk of adversely affecting their rights and freedoms – but this threshold is higher than the threshold for reporting the breach to the ICO.

The ICO will then investigate the breach and can issue fines of as much as €20 million or up to 4% of the organisation’s annual turnover, whichever is greater. As previously mentioned, British Airways received a fine of 1.5% of their annual turnover for 2017, totalling £183.39M.

For professional in-house training and compliance advice and support for your business, please contact employment law partner Claire Brook.

Claire Brook

Employment Law

Email: [email protected]
Tel: 01244 405 575
