GDPR superpowers lead to whopper ICO fines for BA, Marriott

  • Brace yourself, o ye spillers of data: the fury and the might of the GDPR has been unleashed this week, and lo, it is mighty, scary, and really, really expensive.
  • The UK’s Information Commissioner’s Office (ICO), pumped up with its newfound General Data Protection Regulation (GDPR) legal testosterone, has plans to uber-fine both Marriott and British Airways (BA) for data breaches.
  • On Monday, the ICO said that it’s looking to fine BA a record £183.39 million (US $229.34 million) for a breach discovered in September 2018.
  • Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset.
  • Treat the cloud like any other computer: close unwanted ports and services, encrypt data, and ensure that you have proper access controls in place.

Read full article: nakedsecurity.sophos.com

ICO