Go ahead given for class action against British Airways over data security breach

Derby Office Icon

Last Friday, the green light was given for British Airways customers to bring a class-action against the airline over its 2018 data security breach.

This wasn’t really a surprise, but it now means that, in addition to facing a fine of over £183 million, British Airways now also faces a substantial compensation payout (it is estimated that around 500,000 customers were affected by the data breach).

Importantly, the GDPR makes it clear that, in addition to being able to claim for financial losses (such as losses resulting from fraudulent transactions), individuals who are affected by a data breach can also bring claims for ‘non-material loss’. This includes psychological damage or distress.

It is yet to be seen how the claimants’ lawyers will go about proving that psychological damage or distress has been suffered by their clients. However, if they are able to meet the requisite burden of proof, this will greatly increase British Airways’ compensation bill. It will also make it more likely that we will see similar class actions in the future.

The eventual financial repercussions for British Airways – taking into account both the fine and compensation payments – are likely to be at the top end of the scale. Nevertheless, all organisations should very much view British Airways’ fate as a cautionary tale.

When commenting on the British Airways’ fine, Elizabeth Denham, the Information Commissioner, stated that “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

As a result, no matter what the size of your organisation, compliance with your security obligations under the GDPR is not something you can afford to ignore.

If you’d like more information about the compliance obligations under the GDPR relating to the security of personal data, please don’t hesitate to contact a member of our Information Law Team.

RELATED:   BRITISH AIRWAYS FACES £183M FINE FOR DATA BREACHEXPERTISE - GDPR


MORE FROM THE ADVICE CENTRE

News

Growth and expansion for Geldards Public Sector England Team
19/11/2019
Geldards Public Sector England Team continues to grow and expand the team and it’s reach across England for its public sector work. The team is led by Partner Tiffany Cloynes, who has an excellent reputation and extensive experience and is recognised as a leader in her field by clients and the legal press.
more...

Events

NFDA EV Marketplace Seminar
09/01/2009
3rd December 2019
Geldards Automotive team would like to share with you the latest event by accountants, MacIntyre Hudson - the NFDA EV Marketplace Seminar on 3rd December 2019, which will provide dealers with an ideal opportunity to hear EV keynote speakers explore the challenges and opportunities facing this sector.
more...

Blogs

Let’s keep our eyes on the prize
29/10/2019
It takes experience, wisdom and sometimes even a bit of courage to stand back from the frenetic day-to-day environment and see the bigger picture. That or turning off Twitter…We enter the autumn stretch of the year with typical weather, mixed reports about the state of the economy, patchy performance on the sporting field and what now appears to be routine chaos in politics.
more...

Publications

Salus – Wealth and Family Protection
02/10/2018
Salus Magazine is brought to you by the Private Client team at Geldards to help you protect your wealth and family.
more...

Content Contacts

PARTNER

Lowri Phillips

LOWRI PHILLIPS

Partner, Cardiff

+44 (0)29 2039 1758
email
more...

PARTNER

Michelle Craven-Faulkner

MICHELLE CRAVEN-FAULKNER

Partner, Nottingham

+44 (0)1332 378 391
email
more...