Some organisations are finding out that GDPR is no joke. In the last week the ICO has announced much to BA’s “surprise and disappointment” that it will be looking to impose a £183 million fine for its catastrophic data breach last year which resulted in the loss of 500,000 customers’ personal information.

Currently two schools of thought exist – one that believes the airline has got off lightly as the fine represents just 1.5 per cent of the company’s revenue, rather than the 4 per cent the ICO can impose; whilst the other thinks that in comparison to Facebook’s £500,000 fine; which was issued prior to GDPR coming into force, this fine is too much.

Marriott has also fallen foul of the ICO with the Office announcing that it intends to fine the hotel company £100 million after hackers stole the records of 339 million guests including credit card details, passport numbers and dates of birth. Clearly this information is going to keep identity fraudsters very busy.

Whether you believe the fines are fair or not (unsurprisingly both organisations intend to appeal), what this shows is that GDPR is not something that can be taken lightly. Data is now arguably the most valuable asset a business can have. Not just in terms of its absolute value in how it can help enhance the customer experience and increase the bottom line, but in terms of how much it will cost if it isn’t looked after correctly.

These fines are an indication of how seriously the ICO takes data security and organisations that don’t take a cue from this will likely find themselves in hot water in the future.

If you want to know and understand more about the way data is changing the world you live in, or would like to know how data can add value to your business, please email me at


Dave Gurney

CEO, Alchemetrics - Expert in Data & Digital Marketing
enabling senior marketers to value from engaging customers online.