An £183m penalty for British Airways after it was hacked by criminals has prompted a leading county business organisation to urge firms to make sure they are following the relevant legislation.

Cumbria Chamber of Commerce is advising businesses to ensure they are GDPR compliant after criminals gained access to the personal data of 500,000 British Airways customers via a cyber attack.

It included addresses and payment card details.

The company was hit by the largest penalty ever imposed for a data breach by the Information Commissioner’s Office.

General Data Protection Regulation came into force in May last year to replace the Data Protection Act.

Businesses that fail to comply face substantial fines of up to four per cent of their annual turnover.

Rob Johnston, chief executive of Cumbria Chamber of Commerce, said: “Initially, the Information Commissioner took a softly-softly approach to enforcement.

“The penalty imposed on BA marks a sea change. It is the commissioner setting down to a marker, saying to businesses, ‘take this seriously – or else’.

“The Information Commissioner criticised BA for poor security arrangements that allowed data to be compromised. She has made an example of BA, probably because it’s a large company that should have known better.

“But every business should be addressing this.

“It’s not only the risk of a fine. The reputational damage of being named and shamed for a data breach could do immense harm to your business.”