£42m in Data Breach Fines Issued to Businesses in 2020

The Information Commissioner’s Office (ICO) hit UK businesses with £42m in data breach fines last year.

Fines were given out as a result of breaches of the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act (DPA)

One of the largest data breach fine was handed to British Airways with just over half of the £42.41m total being paid by the airline, following a 2018 cyber attack which saw over half a million of its customers’ details stolen by cyber criminals.

While the £20m BA fine was reduced from an initial fine of £183m due to the impact of the COVID-19 pandemic, an investigation finding that the DPA had been breached. The ICO said that BA was processing “a significant amount of personal data without adequate security measures in place”, which led to the large fine.

Millions of pounds worth of fines were also issued to Marriott International Inc (£18.4m) and Ticketmaster LTD (£1.25m), but the rest of the 14 fines were handed out to smaller businesses. Industries hit the most were the marketing and transport and leisure sectors.

Data security must be a priority

The news highlights the need for businesses to improve their data management policies and secure the data they hold correctly. With the COVID-19 pandemic, many companies might have prioritised other areas of their business, forgetting about improvements to their cyber security measures.

The result, unfortunately, for some, has seen data breach fines of thousands hitting them, alongside the problems caused by the pandemic. Neuways advises implementing a multi-layered Business Continuity & Disaster Recovery plan to ensure that data protection and GDPR guidelines are adhered to.

Microsoft 365 security isn’t enough

While many Microsoft 365 users might assume that their Microsoft apps ensure their data is protected and backed up safely, that’s not always the case. In fact, Microsoft themselves suggest businesses should consider using a dedicated backup specialist to ensure their data is fully protected and retrievable. If not, businesses run the risk of losing their data due to a devastating cyber attack.

To make matters worse, the ICO handed out three court orders for winding-up petitions last year, which shows the impact these types of data breach fines can have on businesses who haven’t got their Business Continuity & Disaster Recovery plan in place.

Speak to the experts at Neuways today and avoid becoming the next company to be fined for poor data management policies.

Call us on 01283 753333 or email hello@neuways.com

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

£42m in Data Breach Fines Issued to Businesses in 2020

Data security must be a priority

Microsoft 365 security isn’t enough

Sign up for our weekly news

Our Services

Resources

Company

Contact us