10 Jul British Airways heavily fined for data breach under GDPR regulations
British Airways is facing a record fine for the theft of data belonging to 500,000 customers from its website last year, under tough new data-protection rules policed by the UK’s Information Commissioner’s Office (ICO). The ICO proposed a penalty of £183.4 million ($329m AUD), or 1.5 percent of British Airways’ 2017 worldwide turnover, for the hack, which it said exposed poor security arrangements at the airline.
The attack involved traffic to the British Airways website being diverted to a fraudulent site, where customer details such as login, payment card and travel booking details, as well as names and addresses, were harvested, the ICO said.
The UK’s Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal.
“When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it.”
GDPR is an EU regulation and applicable as law in all 28 EU countries. It concerns the personal data relating to people in the EU. It outlines principles such as processing data in a lawful, fair and transparent manner, data minimisation, data accuracy, and the elimination of any outdated/unused data.
If you are considering or have business dealings in the EU, Sense of Security can assist you with preparation relating to the EU General Data Protection Regulation (GDPR) and any global exposure you may have.