Go ahead given for class action against British Airways over data security breach

Derby Office Icon

Last Friday, the green light was given for British Airways customers to bring a class-action against the airline over its 2018 data security breach.

This wasn’t really a surprise, but it now means that, in addition to facing a fine of over £183 million, British Airways now also faces a substantial compensation payout (it is estimated that around 500,000 customers were affected by the data breach).

Importantly, the GDPR makes it clear that, in addition to being able to claim for financial losses (such as losses resulting from fraudulent transactions), individuals who are affected by a data breach can also bring claims for ‘non-material loss’. This includes psychological damage or distress.

It is yet to be seen how the claimants’ lawyers will go about proving that psychological damage or distress has been suffered by their clients. However, if they are able to meet the requisite burden of proof, this will greatly increase British Airways’ compensation bill. It will also make it more likely that we will see similar class actions in the future.

The eventual financial repercussions for British Airways – taking into account both the fine and compensation payments – are likely to be at the top end of the scale. Nevertheless, all organisations should very much view British Airways’ fate as a cautionary tale.

When commenting on the British Airways’ fine, Elizabeth Denham, the Information Commissioner, stated that “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

As a result, no matter what the size of your organisation, compliance with your security obligations under the GDPR is not something you can afford to ignore.

If you’d like more information about the compliance obligations under the GDPR relating to the security of personal data, please don’t hesitate to contact a member of our Information Law Team.

RELATED:   BRITISH AIRWAYS FACES £183M FINE FOR DATA BREACHEXPERTISE - GDPR


MORE FROM THE ADVICE CENTRE

News

Geldards maintains strong position in latest Chambers & Partners
10/10/2019
Geldards maintains its strong position in the has in the latest Chambers & Partners legal directory rankings and have again been recognised as a leading law firm in the annual guide to UK law firms.
more...

Events

Employment Law Update - 2019
01/01/2013
17th October 2019
Our autumn employment seminar will ensure you are up to date with developments in legislation and recent judgments in the constant evolution of employment law.
more...

Blogs

Thoughts from Europe - a MIPIM blog
19/03/2019
I am European, I feel European. Grinding my way around the major assembly that is the world at MIPIM, it’s such a reminder that even Europe is not the centre of most people’s universe.
more...

Publications

Salus – Wealth and Family Protection
02/10/2018
Salus Magazine is brought to you by the Private Client team at Geldards to help you protect your wealth and family.
more...

Content Contacts

PARTNER

Lowri Phillips

LOWRI PHILLIPS

Partner, Cardiff

+44 (0)29 2039 1758
email
more...

PARTNER

Michelle Craven-Faulkner

MICHELLE CRAVEN-FAULKNER

Partner, Derby

+44 (0)1332 378 391
email
more...