A £183m penalty for British Airways after it was hacked by criminals has prompted a leading county business organisation to urge firms to make sure they are following the relevant legislation.
Cumbria Chamber of Commerce is advising businesses to ensure they are GDPR compliant after criminals gained access to the personal data of 500,000 British Airways customers via a cyber attack.
The data included addresses and payment card details.
The company was hit by the largest penalty ever imposed for a data breach by the Information Commissioner’s Office.
The General Data Protection Regulation came into force in May last year to replace the Data Protection Act.
Businesses that fail to comply face substantial fines of up to four per cent of their annual turnover.
Rob Johnston, chief executive of Cumbria Chamber of Commerce, said: “Initially, the Information Commissioner took a softly-softly approach to enforcement.
“The penalty imposed on BA marks a sea change. It is the commissioner setting down a marker, saying to businesses, ‘take this seriously – or else’.
“The Information Commissioner criticised BA for poor security arrangements that allowed data to be compromised. She has made an example of BA, probably because it’s a large company that should have known better.
“But every business should be addressing this.
“It’s not only the risk of a fine. The reputational damage of being named and shamed for a data breach could do immense harm to your business.”