The British Airways GDPR fine could be as large as £500m, with several more millions on top of that to be paid to victims in compensation.
In terms of a fine, the new GDPR rules mean that a company responsible for a data breach is fined £17m or 4% of the company’s global annual turnover. The potential £500m figure has been based on the estimations of turnover, given how huge British Airways is.
Is this a feasible fine, and what about victims and their rights to compensation? How much could you receive?
How will the British Airways GDPR fine be calculated?
How the British Airways GDPR fine will be calculated is an interesting question. They may be the first – or one of the first – to receive a fine under the new rules.
How will the Information Commissioner’s Office (ICO) decide to levy the fine in this case?
How fines are calculated is typically based on factors, such as:
- The extent of the breach or breaches (i.e. how many of the data protection principles were breached, and how badly were they breached);
- What, if anything, British Airways did to prevent the breach from happening;
- What were the warning signs that a breach could take place?;
- The nature of the data that has been breached;
- The number of people affected.
In terms of the British Airways data breach, the incident is serious. We’re talking about some 380,000 payment cards being fully compromised; i.e. full card numbers, expiry dates and security (CVV) numbers. It’s often partial payment information that’s breached, but in this case, it was more.
And there were warning signs. Just weeks before, news that Ticketmaster (an action we’re also representing victims for) had suffered a breach came to light. It’s understood that it’s the same hackers in both cases, and there were warnings that the Ticketmaster breach was merely the tip of the iceberg.
Payment processing systems were to be targeted. How did British Airways fail to act in time?
These factors may mean the British Airways GDPR fine is huge; perhaps even the maximum amount that could reach £500m.
Victim compensation separate to any BA GDPR fine
It’s important to know that compensation for victims of the breach is separate to any British Airways GDPR fine that may be imposed.
Victims of the breach could be entitled to claim £1,250.00 or more for the distress, and any financial loss on top.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Matthew on September 27, 2018
Posted in the following categories: British Airways Data Breach Claims Group Action and tagged with British Airways Data Breach | compensation | gdpr | Group Action | ico