British Airways

EU GDPR’s Big Win Over British Airways

In case you don’t know what the EU GDPR is, the EU General Data Protection Regulation (GDPR) was put into effect a year ago but it has helped shape the way the rest of the world treats consumers’ data rights and privacy. With stricter regulations and higher fines for data breaches, it has become widely influential to international and local governments current and future treatment of data privacy. For example, on January 1, 2020 the California Consumer Privacy Act (CCPA) will be implemented, mimicking the EU’s GDPR and will establish a standard for transparency and protection of consumers’ data. 

Now after a year, the EU GDPR just landed a huge win for consumers’ privacy rights and has issued a fine of $228 million to British Airways for a data breach in September of 2018.

Reported by Mark Rogan from, the data of over 500,000 users was taken from people attempting to look up flights on the British Airways website. Instead of getting the British Airways website however, they were redirected to an ominous fake website ripping their data. British Airways was fined 1.5% of their revenue in the year 2017, but this is a clear indication that legislators are willing to impose huge fines on these massive data breaches and will continue to. 

British Airways is the first example of what many data privacy experts hope to be the standard when judging and imposing legislation against companies who believe they have enough money to overcome any issue. The EU GDPR considers the size of the company, the size of the data breach, and will fine companies up to 4% of their global revenue. The harsh but validated fine for British Airways is only the beginning and with more legislation being passed globally it seems the world is starting to realize more people care about their data and privacy.