Categories
Life with GDPR

Episode 36- Extension of BA Response Time


In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox are back to discuss the recent ICO announcement that it was extending the time for British Airways and Marriott to respond to its proposed fine and penalty. Some of the highlights in this episode include:

  1. What makes the background of the case so complex?
  2. What did the ICO say and why did they extend the deadline for BA to respond?
  3. What are some of the possible reasons for the delay?
  4. What, if anything, does Brexit have to do with this?
  5. In view of Brexit, will the EU be watching the ICO in this matter?
  6. What might be the relationship between the ICO and EU on data privacy going forward?
  7. Background of British Airways (BA) enforcement action.

Resources
Is the BA Fine in the Departure Lounge?
Cordery Breach Navigator

Life With GDPR: Episode 30- British Airways GDPR Enforcement Action

In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we discuss the recently announced proposed fine by the UK Data Protection Regulator against British Airways (BA) after its data breach. The regulator intends to fine the airline £183.39 million (approximately $230MM).
Some of the highlights in this episode include:
  1. This proposed fine represents the largest GDPR fine in the UK.
  2. As the fine is now open to comment by BA and other national data protection regulators, the amount of the final fine may change.
  3. The BA CEO comes out swinging against this fine.
  4. What was the role of the ICO as ‘lead regulator’?
  5. Will BA’s tone-deaf posturing hurt or help it with the final penalty?
  6. What did BA know and when did they know it (yes, that is the famous Watergate question) will be a critical analysis.
  7. What remedial measures did BA engage in after it became aware of the breach?
  8. What are the lessons to be learned by the data privacy officer?
For more information on Cordery Compliance, go to their website here.
For additional reading see the Cordery Compliance article, “UK Data Protection Regulator Announces Intention to Fine BA after Data Breach”.
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.