British Airways will probably treat this as from the previous era, and just a single day's loss during the Covid-19 pandemic but a £20m fine announced last Friday by the Information Commissioner's Office (ICO) is clearly a warning to others.  Do not pass on personal and financial details acquired in normal business!  Follow the GDPR rules.   Some 400,000 BA customers had their integrity breached.

The ICO made clear that the airline was processing a significant amount of personal data without adequate security measures in place and as a result BA was the subject of a cyberattack during 2018, which it did not detect for more than two months.

The fine falls under stricter data protection rules and is the Commissioner's biggest such penalty to date. The ICO said that it had considered representations from the airline and the economic impact of Covid-19 on the business before setting a final penalty.

Because the BA breach happened in June 2018, before the UK left the European Union, the ICO investigated on behalf of all EU authorities under the GDPR regime.

Also see Comment: Doyle follows Cruz, Airlines 2050 Monday morning, Cruz steps down and Sean Doyle re-joins British Airways in this week's BTN.

www.ba.com

https://ico.org.uk/action-weve-taken/enforcement/british-airways