Last week was packed with new developments in the area of privacy. On Monday 8th July, the UK's data protection authority, the Information Commissioner’s Office (the ICO), announced its intention to fine British Airways in the amount of £183,390 million (equivalent to about EUR 204 million, which, according to media reports, is about 1.5% of the company's worldwide turnover last year) for infringements of the EU General Data Protection Regulation (GDPR). The proposed fine relates to a cyber incident involving user traffic to the British Airways website being diverted to a fraudulent site. Through this false site, customer details were allegedly harvested by attackers. The ICO’s investigation found that a variety of information of approximately 500,000 customers was compromised in this incident, including login, payment card, and travel booking details as well as name and address information.
On June 24th, 2013, the European Commission adopted a new Regulation No 611/2013 (the "Regulation") on the measures applicable to the notification of personal data breaches under the Directive