The Information Commissioner’s Office (ICO) has for the first time used new powers to punish companies that break laws protecting consumers’ data. British Airways and the Marriott hotel chain were the first firms targeted by the watchdog, which handed them fines totalling almost £300m.
Why has the ICO started handing out such huge fines?
In May last year, the powers of the ICO, along with its counterparts across Europe, were bolstered significantly with the introduction of the General Data Protection Regulation (GDPR). The much tougher EU-wide regulation surrounding the use of consumer data, a necessary upgrade of weaker national data protection laws for the internet age, came with greatly enhanced powers to levy fines.
How much can the ICO fine a company?
To ensure companies take the new data protection rules seriously, GDPR gives data regulators the power to fine up to €20m (£18m), or 4% of annual global turnover, whichever is greater. The sum depends on the severity of the GDPR breach and factors including the level of…