The GDPR fines hitting major corporations are serving as warnings to some of the biggest global companies.
The two big stories today involve record penalties for what European regulators have determined negligence in the handling of data.
The first is the infamous Marriott breach which affected some 500 million customers at the end of 2018. At the time, the effects of the breach were immediate. The company’s stock fell more than 5.5 percent and several lawsuits were filed in the days after reports of the breach. It was only a matter of time until the day of reckoning with GDPR administrators would come. The British Information Commissioner’s Office (ICO) that is in charge of implementing GDPR in the U.K. proposed a £99.2 million fine (USD $124,376,960.) for Marriott. The ICO reported that approximately 30 million of the hacked guest records related to residents of countries in the European Economic Area. Seven million related to U.K. residents.
The second instance occurred only a few days earlier when the ICO slapped a £183 million fine (USD $229,390,500.) on British Airways for a major breach last year. The ICO said that “poor security arrangements” at the company lead to the breach of credit card information, names, addresses, travel booking details, and logins for around 500,000 customers.
If executed, these will be the largest GDPR fines to date. The fine that held that record until now, one issued to Google earlier this year, was almost half of even the smaller Marriott fine. Experts are pointing out that these penalties are causing major concern in the top offices of the likes of Facebook and Google, companies whose entire service relies heavily on untold volumes of personal data. The clamping down of regulators will almost certainly have an effect on the way these and other similar firms govern their services.