British Airways GDPR fine and victim compensation

The British Airways GDPR fine could be as large as £500m, with several more millions on top of that to be paid to victims in compensation.

We’ve launched our British Airways compensation action, and you can read more about your rights to claim here.

In terms of a fine, the new GDPR rules mean that a company responsible for a data breach is fined £17m or 4% of the company’s global annual turnover. The potential £500m figure has been based on the estimations of turnover, given how huge British Airways is.

Is this a feasible fine, and what about victims and their rights to compensation? How much could you receive?

How will the British Airways GDPR fine be calculated?

How the British Airways GDPR fine will be calculated is an interesting question. They may be the first – or one of the first – to receive a fine under the new rules.

How will the Information Commissioner’s Office (ICO) decide to levy the fine in this case?

How fines are calculated is typically based on factors, such as:

The extent of the breach or breaches (i.e. how many of the data protection principles were breached, and how badly were they breached);
What, if anything, British Airways did to prevent the breach from happening;
What were the warning signs that a breach could take place?;
The nature of the data that has been breached;
The number of people affected.

In terms of the British Airways data breach, the incident is serious. We’re talking about some 380,000 payment cards being fully compromised; i.e. full card numbers, expiry dates and security (CVV) numbers. It’s often partial payment information that’s breached, but in this case, it was more.

And there were warning signs. Just weeks before, news that Ticketmaster (an action we’re also representing victims for) had suffered a breach came to light. It’s understood that it’s the same hackers in both cases, and there were warnings that the Ticketmaster breach was merely the tip of the iceberg.

Payment processing systems were to be targeted. How did British Airways fail to act in time?

These factors may mean the British Airways GDPR fine is huge; perhaps even the maximum amount that could reach £500m.

Victim compensation separate to any BA GDPR fine

It’s important to know that compensation for victims of the breach is separate to any British Airways GDPR fine that may be imposed.

Victims of the breach could be entitled to claim £1,250.00 or more for the distress, and any financial loss on top.

Find out today if you can join the British Airways compensation action we’ve launched here.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.