Time for the resignation of BA's CEO
Sep 8, 2018, 8:35 am
#91
Join Date: Jul 2011
Programs: BA Gold
Posts: 629
The maximum fine under GDPR is €20m or 4% of global turnover. The UK Information Commissioner will assess the fine based on not only how serious the breach is but also how BA dealt with the breach. Any actual fines are well down the road at present.
In the U.K. fines go to the Treasury who sometimes do allocate it to charitable causes but that is quite rare. I recall some banking fines have been spent this way but that was unusual.
None of the fine will be paid to any of those affected BA may offer those affected a goodwill gesture - some avios or Ł off of future flight.
In addition to the fine BA has promised to reimburse people if there are any fraudulent transactions on their cards plus of course there will be internal costs for dealing with the breach. And in the short to medium term there may be a loss of revenue if people don’t book future flights (but then again how many people have said ‘never flying BA again’ yet do once there is a sale on.
So all in all this has the potential to cost BA a lot of money.
Sep 8, 2018, 9:01 am
#94
Join Date: Sep 2005
Programs: AC MM E50 , Former SPG, now Marriott LT Plat
Posts: 6,250
Sep 8, 2018, 9:07 am
#96
Moderator: British Airways Executive Club, Iberia Airlines, Airport Lounges and Environmentally Friendly Travel
Join Date: Jan 2003
Location: London, UK
Posts: 22,209
The maximum fine under GDPR is €20m or 4% of global turnover. The UK Information Commissioner will assess the fine based on not only how serious the breach is but also how BA dealt with the breach. Any actual fines are well down the road at present.
In the U.K. fines go to the Treasury who sometimes do allocate it to charitable causes but that is quite rare. I recall some banking fines have been spent this way but that was unusual.
None of the fine will be paid to any of those affected BA may offer those affected a goodwill gesture - some avios or Ł off of future flight.
In addition to the fine BA has promised to reimburse people if there are any fraudulent transactions on their cards plus of course there will be internal costs for dealing with the breach. And in the short to medium term there may be a loss of revenue if people don’t book future flights (but then again how many people have said ‘never flying BA again’ yet do once there is a sale on.
So all in all this has the potential to cost BA a lot of money.
What is the maximum administrative fine under the GDPR?
There are two tiers of administrative fines that can be levied as penalties for non-compliance:
1. Up to €10 million, or 2% annual global turnover – whichever is higher.
2. Up to €20 million, or 4% annual global turnover – whichever is higher.
The administrative fines are discretionary rather than mandatory; they must be imposed on a case-by-case basis and must be “effective, proportionate and dissuasive”.
The fines are based on the specific articles of the Regulation that the organisation has breached. Infringements of the organisation’s obligations, including data security breaches, will be subject to the lower level, whereas infringements of an individual’s privacy rights will be subject to the higher level.
Making sure that your organisation is compliant to the GDPR can reduce the change of incurring an administrate fine.
How are GDPR fines applied?
When deciding whether to impose a fine and the level, the ICO must consider:
* The nature, gravity and duration of the infringement;
* The intentional or negligent character of the infringement;
* Any action taken by the organisation to mitigate the damage suffered by individuals;
* Technical and organisational measures that have been implemented by the organisation;
* Any previous infringements by the organisation or data processor;
* The degree of cooperation with the regulator to remedy the infringement;
* The types of personal data involved;
* The way the regulator found out about the infringement;
* The manner in which the infringement became known to the supervisory authority, in particular whether and to what extent the organisation notified the infringement;
* Whether, and, if so, to what extent, the controller or processor notified the infringement; and
* Adherence to approved codes of conduct or certification schemes.
Source: https://www.itgovernance.co.uk/dpa-and-gdpr-penalties
There are two tiers of administrative fines that can be levied as penalties for non-compliance:
1. Up to €10 million, or 2% annual global turnover – whichever is higher.
2. Up to €20 million, or 4% annual global turnover – whichever is higher.
The administrative fines are discretionary rather than mandatory; they must be imposed on a case-by-case basis and must be “effective, proportionate and dissuasive”.
The fines are based on the specific articles of the Regulation that the organisation has breached. Infringements of the organisation’s obligations, including data security breaches, will be subject to the lower level, whereas infringements of an individual’s privacy rights will be subject to the higher level.
Making sure that your organisation is compliant to the GDPR can reduce the change of incurring an administrate fine.
How are GDPR fines applied?
When deciding whether to impose a fine and the level, the ICO must consider:
* The nature, gravity and duration of the infringement;
* The intentional or negligent character of the infringement;
* Any action taken by the organisation to mitigate the damage suffered by individuals;
* Technical and organisational measures that have been implemented by the organisation;
* Any previous infringements by the organisation or data processor;
* The degree of cooperation with the regulator to remedy the infringement;
* The types of personal data involved;
* The way the regulator found out about the infringement;
* The manner in which the infringement became known to the supervisory authority, in particular whether and to what extent the organisation notified the infringement;
* Whether, and, if so, to what extent, the controller or processor notified the infringement; and
* Adherence to approved codes of conduct or certification schemes.
Sep 8, 2018, 9:08 am
#97
Join Date: Sep 2003
Location: OSL
Posts: 2,638
Sep 8, 2018, 9:25 am
#99
FlyerTalk Evangelist
Join Date: Aug 2000
Location: London
Programs: Hilton, IHG - BA, GA, LH, QR, SV, TK
Posts: 17,005
The fines are based on the specific articles of the Regulation that the organisation has breached. Infringements of the organisation’s obligations, including data security breaches, will be subject to the lower level, whereas infringements of an individual’s privacy rights will be subject to the higher level.
Making sure that your organisation is compliant to the GDPR can reduce the change of incurring an administrate fine.
After all, awkward grammar and spelling mistakes are the first warning that all might not be well in mails purporting to come from banks, Nigerian princes, James Hillier et al
Sep 8, 2018, 9:26 am
#100
FlyerTalk Evangelist
Join Date: Nov 2011
Location: Brighton. UK
Programs: BA Gold / VS /IHG Diamond & Ambassador
Posts: 14,166
I posited elsewhere that I could see BA being fined tens if millions of ŁŁ pour encourager les autres and the ICO will take it's time to (a) investigate and (b) assess the fine in terms of not only the volume and data revealed but also taking into account how BA dealt with it. Of course they have a lot on their plate with several other major breaches recently and as GDPR is still new there is little if any record of what fines have been levied.
And despite what some on here and elsewhere have said BA have been praised for their swift handling of the issue once it became known Computer Weekly and the ICO will take that into account.
Sep 8, 2018, 10:04 am
#103
FlyerTalk Evangelist, Ambassador, British Airways Executive Club
Join Date: Jun 2008
Location: Somewhere between 0 and 13,000 metres high
Programs: AF/KL Life Plat, BA GGL+GfL, ALL Plat, Hilton Diam, Marriott Gold, blablablah, etc
Posts: 30,494
as for filling planes, even AZ at the height of its crisis had full planes. Yields matter a lot more.
there is no doubt BA is currently profitable and has been for years on the back of a strong economy. Times of economic challenges will be the acid test of whether this has been due to a sound model or more to favourable economic conjuncture.
Sep 8, 2018, 10:07 am
#104
FlyerTalk Evangelist, Ambassador, British Airways Executive Club
Join Date: Jun 2008
Location: Somewhere between 0 and 13,000 metres high
Programs: AF/KL Life Plat, BA GGL+GfL, ALL Plat, Hilton Diam, Marriott Gold, blablablah, etc
Posts: 30,494
Sep 8, 2018, 10:08 am
#105
Join Date: Jun 2014
Programs: Executive Club: Gold - Flying Blue: Gold
Posts: 1,381
Alex Cruz has been good to shareholders and awful to customers and employees. Some are happy with that. Some aren’t impressed. And I am not impressed at all as he’s transformed the airline from a good one to a very average one (and I am being very generous). So yes he has to go!
