Last week was packed with new developments in the area of privacy. On Monday 8th July, the UK's data protection authority, the Information Commissioner’s Office (the ICO), announced its intention to fine British Airways in the amount of £183,390 million (equivalent to about EUR 204 million, which, according to media reports, is about 1.5% of the company's worldwide turnover last year) for infringements of the EU General Data Protection Regulation (GDPR). The proposed fine relates to a cyber incident involving user traffic to the British Airways website being diverted to a fraudulent site. Through this false site, customer details were allegedly harvested by attackers. The ICO’s investigation found that a variety of information of approximately 500,000 customers was compromised in this incident, including login, payment card, and travel booking details as well as name and address information.
Today a landmark has been reached. The General Data Protection Regulation (GDPR) has been published in the Official Journal of the European Union. Tomorrow the 20-day countdown begins until the GDPR comes into force on 25 May 2016. The Regulation will not be applicable, though, until 25 May 2018 due to its two-year implementation period. It is considered to be the most remarkable thing to have happened in data protection over the last 20+ years. During this period the concept of data protection has moved firmly from the sidelines to centre stage. Here we explain why you need to begin to plan for the GDPR now.