We may see a Marriott GDPR fine applied after the monumental breach that was discovered last year, given the volume of people affected and the nature of the breach.
As many as 500 million people were affected, with data said to have been compromised between 2014 and 2018. An unauthorised third party is said to have accessed the guest reservation table for the Starwood division of the company. Data exposed in the breach included a lot of personal and account data.
The breach period overlaps with GDPR coming into force in May 2018. That means that the ICO (Information Commissioner’s Office) could issue a fine that equates to 4% of Marriott’s global annual turnover.
How high could a Marriott GDPR fine reach?
In theory, a Marriott GDPR fine could be astronomical. One estimate, based on the 4% of turnover rule, suggested the fine alone could be almost £700m! Whatever the calculation is, it could easily be millions, or even hundreds of millions.
You then have to look at the costs they will incur in addition to a potential fine, and it’s easy to see just how serious this could be for them.
Data exposed in the breach is said to have included a wealth of personal information, account information and passport details. They could end up paying for new passports for victims if their passports have been compromised. Add on top of that the costs of their investigations, actions taken for customers, and legal costs, and it could be a fortune.
Some have suggested the final figure could be over a billion pounds.
Is compensation related to any Marriott GDPR fine?
Compensation for victims of the data breach is separate to any Marriott GDPR fine that the ICO may issue. Victims could be entitled to claim for the distress caused, as well as for any financial losses and additional costs. When it comes to data breach compensation amounts, we could easily be talking of pay-outs that range between £1,000.00 and £5,000.00 for each victim.
Marriott may also face financial punishments in the U.S. There could end up being millions of people who make a data breach compensation claim, and it will all add up. The damages paid and the legal fees could be absolutely huge.
We’re yet to see the first instance of a GDPR fine being issued since the changes. The Marriott data breach could be the one that sets a huge precedent for the future.