British show data protection rules have bite: $230M fine on British Airways

GDPR fines have arrived in a big way.

UK regulators said Monday that they intend to hit British Airways with a record £183.4 million ($230 million) penalty after the data of 500,000 customers was compromised in 2018.

The UK Information Commissioner’s Office said shoddy security measures were partly to blame.

GDPR stands for General Data Protection Regulation.

“The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU),” the EU explains.

The fine amounts to 1.5% of British Airways’ global annual sales. Companies can face penalties of up to 4% of their annual revenue under GDPR, the strict EU data rules that came into effect last year.

British Airways said it would contest the fine. Shares of parent company IAG fell 1%.

“British Airways responded quickly to a criminal act to steal customers’ data,” the company’s CEO said in a statement. “We have found no evidence of fraud [or] fraudulent activity on accounts linked to the theft.”