GDPR bites: British Airways fined £183m for customer data breach

The UK’s first GDPR data-breach fine has been issued this week. It’s clear the regulation isn’t to be taken lightly. British Airways has been slapped with an eye-watering £183m fine for what the Information Commissioner’s Office labelled ‘poor security arrangements’ after hackers stole the personal data of 500,000 customers.

GDPR isn’t a paper tiger

To put the UK’s first GDPR fine into context, it is equivalent to 1.5% of BA’s £11.6bn global turnover in 2018 and will feature in the company’s annual report and will be mulled over by shareholders and potential shareholders alike.

BA has found to its cost that GDPR isn’t a paper tiger, it has real teeth, and cybersecurity must now be a board-level consideration with the buck finally stopping at the desk of the CEO.

Are you GDPR compliant, or facing a record fine?

The previous record fine for UK data mismanagement was for a ‘mere’ £500,000, levied against Facebook for its involvement in the Cambridge Analytica scandal.

So, what can retailers and hospitality firms do to ensure they remain fully GDPR compliant? The cornerstone of GDPR is protecting consumer data.

Vodat has produced a security guide to help retailers and hospitality players ensure they aren’t putting their business and customers at risk,

Read the report here: Five steps to ensure you are GDPR ready


Join Retail Connections

Register here

Related insights


Welcome to the appointment economy

Refashioning retail – fashion’s digital transformation for post-covid commerce


Retailers are already better for the crisis


Urban fashion brand rag & bone on its latest personalisation strategy


How deep is your customer view?


Know your competition JCPenney

Join Retail Connections

Get the latest industry views and exclusive member offers sent direct to your mailbox.