British Airways fined $230 million under GDPR.

While most of us probably don’t pay much attention to the laws in Europe, the nature of the internet means that what happens in one place can affect citizens around the globe. With regard to the General Data Protection Regulation (“GDPR”), the EU’s stringent new data privacy law that went into effect in May 2018, we have already seen it change the face of the web by requiring companies to disclose how they use cookies when you land on a site. Today, we see the beginning of another consequence. The ICO (the UK regulator that enforces the GDPR) fined British Airways nearly $230 million for a data breach last year that was part of a Magecart credit card skimming attack. (You can read what I wrote about Magecart here.) There is still a chance that the fine will change, but it shows that the GDPR is serious business. While the rules allow a fine of up to 4% of annual turnover, this fine ends up being just about 1.5% of British Airways’ annual revenue. With approximately 500,000 people affected by the breach, the fine amounts to $460/person. This should serve as a stark warning that data privacy is not something to be ignored.