Massive Fines in Travel and Hospitality Illustrate Investments in Cyber Security Are Risk Management Strategies

The EU imposed record fines this week on British Airways and Marriott, the largest fines to date under the General Data Protection Regulation (GDPR), which is just over one year old.

The U.K. Information Commissioner’s Office (ICO) proposed fining British Airways $230 million for an incident that compromised the data of 500,000 customers.

The ICO proposed a $123 million fine for Marriott for the loss of 339 million customer records, a breach which was first reported in November 2018.

Both companies can respond to the fine proposals before the ICO issues a final decision, and both companies said they will appeal the decision.

The maximum GDPR fine is 4% of a company’s global turnover. The fines for BA and Marriott both represented 1.5% of their turnover.

The ICO said both companies cooperated fully with their respective investigations.

This makes the stakes particularly high for tech companies like Google and Facebook, which are currently under investigation in the EU, and for whom the legislation essentially was tailor-made. Google could face a fine of up to $5 billion, and Facebook up to $2.2 billion, based on both companies’ annual…
