Data protection: Should businesses be worried?
With British Airways (BA) and Marriott receiving notices of proposed fines from the Information Commissioner’s Office (ICO), the regulatory body that enforces data protection policies in the UK, businesses should be taking proactive steps to implement good data protection practices. Provisionally, the fines stand at £189.39m for BA and £99.2m for Marriott, although the actual amounts are to be determined following negotiations between the ICO and the offenders. The fines demonstrate the importance of businesses taking the necessary steps to protect personal data and to carry out appropriate levels of due diligence in corporate mergers and acquisitions.
The ICO itself was using implied consent for users that were browsing its website on mobile devices, which means that cookies were used automatically unless the user changed the settings, thus breaching the GDPR. The ICO has admitted to the breach and it has stated that it is in the process of updating its policy. This highlights the importance for businesses to take responsibility whilst fixing any potential breaches. With even the ICO breaching GDPR, expert advice is essential.
If you would like to discuss how BakerLaw can help, please contact Simon Porter by emailing firstname.lastname@example.org or calling 01252 730 754.
This article is not a definitive statement of the law. It is designed as a free update on the law at the time of publishing. It is not a substitute for legal advice on specific facts and circumstances. BakerLaw LLP and/or the writer accepts no liability or responsibility for reliance on this article and recommends that you seek independent legal advice on your specific circumstances prior to taking any steps.