Shock British Airways and Marriott fines put spotlight on insurance

Last week it was announced that both British Airways and hotel group Marriott International were to be fined by the Information Commissioner’s Office (ICO) under the GDPR in relation to data breaches. Marriott, a US company, was told it was getting a £99 million fine for an incident in November 2018 when 339 million of their customers globally, 30 million from the EU, had their details exposed. Meanwhile, a record £138 million fine for British Airways, which saw hackers’ access 500,000 of its customers’ data, was a bigger shock to many. Richard Breavington, partner at professional services firm RPC, said while the numbers were quite big, we could see even bigger fines dished out in the future. “They are surprisingly large figures although even those are well short of what the maximums could be,” he said. “They probably did take people by surprise in terms of the sheer size.”