Data breach fines set to rocket after limit is lifted
Penalties handed out to companies for customer data breaches could soon soar – with some potentially hitting hundreds of millions of pounds, legal experts say.
The warning comes after airline Cathay Pacific was given a maximum fine of £500,000 for a customer data protection failure.
It also followed an admission on Friday by Virgin Media that the personal details of almost a million of its customers had potentially been exposed.
Airline Cathay Pacific was given a fine of £500,000 for a customer data protection failure
Ryan Dunleavy, media disputes partner at Stewarts, said the maximum fine for breaches occurring before May 25, 2018, could be eclipsed by much larger penalties.
The latest breaches under General Data Protection Regulation rules which have since come into force will lead to fines of up to 4 per cent of a company’s global turnover.
Dunleavy said he had read the details in Cathay Pacific’s penalty notice and he suspected this was an instance where the regulator – the Information Commissioner’s Office – would impose a much higher fine if it were possible.
He said: ‘Fines can be eye-wateringly high under current rules, even for an incident which doesn’t involve passwords or financial details of consumers.
‘Virgin could be facing a fine of multiples of millions of pounds.’