Over £280m in fines could be given to Hotel and Airline Giants due to GDPR Breach.

10 Jul 2019 By Panayiotis Z. Toulouras LLC

Marriott could be fined £100m for GDPR violation – Hotel

Marriott, the hotel chain that manages and franchises a great portfolio of hotels could be facing a fine up to £100m for a breach of personal data that exposed early 400 million guests.

The chain’s database was hacked with millions of guest records, passport details and credit card records being in the hacker’s hands. To make matters worse, the breach had been recorded from 2014 but until discovered towards the end of 2018.

The U.K.’s leading body for upholding the personal data rights of consumer, Information Commissioner’s Office (ICO), stated in their report that they found that Marriott did not take adequate due diligence during its purchase of the Starwood group and more should have been done to secure and limit exposure to breach.

British Airways could be fined £183m for GDPR violation – Airline

British Airways could be facing a possible fine of £183m (around 1.5% of their annual revenue) for the breach experienced last year in their security systems. The breach resulted from a website failure which happened to compromise the person details of nearly 500,000 of their customers who had booked through their website or app. Hackers were able to steal the card details customers, with compensation charges given by BA raking up to £56m alone so far.

If the hefty penalty is handed out by the ICO in the United Kingdom, it could be the largest fine given so far under the new EU General Data Protection Regulations (GDPR) established in May 2018.

The ICO had said that the reasons behind this breach was the weak security measures in place by BA which could have been avoided if the GDPR was followed step by step.

Protect your organization and your customers right – Data Protection Services

When any type of organization, processes and accepts to handle the personal data of any person it has a duty to undertake the right procedures and assessments to protect them. When they fail to do so, this can have dire results for both customers and organisations. Smaller organisations could suffer even more from a possible breach as a combination of heavy fines and loss of business and consumer confidence could be difficult to overcome.

As such the new GDPR Regulations will not be lenient with organisations that fail to follow protocol with huge fines possible, up to €20 million, or 4% annual global turnover whichever is greater.

Panayiotis Z. Toulouras LLC provides counsel to clients on all the data protection matters and laws in place with the newly established GDPR. Our law firm effectively assists our clients to meet all legal obligations and to avoid situations like BAs. For any enquiries or assistance, feel free to contact us at [email protected] or call us directly at +357 24 623 800. For more information visit