I read with some interest that 'British Airways' (BA) have been handed a hefty fine from the 'Information Commissioner's Office' (ICO) for the data breach of last year.
The reason I found it of interest is that I'm a frequent flyer with BA (Gold Status) and that whilst the ICO have handed out the fine it isn't at the punitive level it could have been.
The ICO said it was the biggest penalty it had ever handed out and the first to be made public under new rules.
Information Commissioner Elizabeth Denham said: "People's personal data is just that - personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience.
"That's why the law is clear - when you are entrusted with personal data, you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."
The ICO has the ability to fine a company up to 4% of worldwide revenues for any breach under the GDPR, so the BA penalty, which amounts to 1.5% of its worldwide turnover in 2017, is less than the possible maximum.
A few weeks ago I wrote a blog saying it was only a matter of time before the ICO, using the GDPR rule book, would start to create some strong test cases in order to bring to a halt the ongoing dodgy practices of numerous businesses around the world, especially those in ad tech that continue to see any fine as a part of doing business.
I have also stated on numerous occasions that you should take a serious look at social selling, which doesn't require you to have a database, store a database, or send out shitty spammy intrusive messages.
Until now, the biggest penalty was £500,000, imposed on Facebook for its role in the Cambridge Analytica data scandal. That was the maximum allowed under the old data protection rules that applied before GDPR.