Home Blog GDPR Means Business - British Airways Penalized GDPR Means Business – British Airways Penalized BlueVoyant Share: Facebook Twitter LinkedIn “Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities. GDPR means business. Proof? British Airways is currently facing a record fine of £183 million (~$221 million US) over last year’s major data breach that affected more than 500,000 customers. This ruling is significant for a number of reasons: This penalty is the first one to be made public since GDPR rules were introduced making it mandatory to report data security breaches to the information commissioner. It is the most expensive penalty, per victim, imposed by the EU, crushing the £500,000 (~$604K US) fine leveled against Facebook in 2018 by standards established in the Data Protection Act of 1998. This second point is quite significant when you look at the figures. British Airways had 500,000 customers affected with an incurred penalty of £183 million (£366/victim), whereas Facebook was penalized £500,000 for affecting as many as 87 million users (£.006/victim) for the Cambridge Analytica scandal. All of this is due to the heightened awareness regarding data privacy and the new laws in governing its protection. The penalties are not meant to incapacitate companies financially. They are based upon the organization’s annual global turnover and can be levied up to 4% of that figure. This is the initial established guideline that aims at trying to create penalties that are large enough to become a deterrent and encourage companies to behave responsibly, without crippling them in the short term. Subsequent to this first levied fine, it is apparent that the authorities mean business. It is likely that we will see more judgements being made public to further spread the word. Data protection and privacy have become critical components in modern business affairs, and organizations must begin addressing these concerns to protect their customers and make every effort to avoid security breaches, or suffer the consequences. Share: Facebook Twitter LinkedIn Related reading Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more Why Bluevoyant BlueVoyant Research: Majority of Firms Have Suffered a Direct Cybersecurity Breach Caused by a Third-Party Vendor October 14, 2021 BlueVoyant commissioned its second annual insightful survey: “Global Insights – Managing Cyber Risk Across the Extended Vendor Ecosystem.” Read more
BlueVoyant Share: Facebook Twitter LinkedIn “Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities. GDPR means business. Proof? British Airways is currently facing a record fine of £183 million (~$221 million US) over last year’s major data breach that affected more than 500,000 customers. This ruling is significant for a number of reasons: This penalty is the first one to be made public since GDPR rules were introduced making it mandatory to report data security breaches to the information commissioner. It is the most expensive penalty, per victim, imposed by the EU, crushing the £500,000 (~$604K US) fine leveled against Facebook in 2018 by standards established in the Data Protection Act of 1998. This second point is quite significant when you look at the figures. British Airways had 500,000 customers affected with an incurred penalty of £183 million (£366/victim), whereas Facebook was penalized £500,000 for affecting as many as 87 million users (£.006/victim) for the Cambridge Analytica scandal. All of this is due to the heightened awareness regarding data privacy and the new laws in governing its protection. The penalties are not meant to incapacitate companies financially. They are based upon the organization’s annual global turnover and can be levied up to 4% of that figure. This is the initial established guideline that aims at trying to create penalties that are large enough to become a deterrent and encourage companies to behave responsibly, without crippling them in the short term. Subsequent to this first levied fine, it is apparent that the authorities mean business. It is likely that we will see more judgements being made public to further spread the word. Data protection and privacy have become critical components in modern business affairs, and organizations must begin addressing these concerns to protect their customers and make every effort to avoid security breaches, or suffer the consequences. Share: Facebook Twitter LinkedIn Related reading Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more Why Bluevoyant BlueVoyant Research: Majority of Firms Have Suffered a Direct Cybersecurity Breach Caused by a Third-Party Vendor October 14, 2021 BlueVoyant commissioned its second annual insightful survey: “Global Insights – Managing Cyber Risk Across the Extended Vendor Ecosystem.” Read more
Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more
Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
Why Bluevoyant BlueVoyant Research: Majority of Firms Have Suffered a Direct Cybersecurity Breach Caused by a Third-Party Vendor October 14, 2021 BlueVoyant commissioned its second annual insightful survey: “Global Insights – Managing Cyber Risk Across the Extended Vendor Ecosystem.” Read more
