- The ICO has published a notice of its intent to fine British Airways £183.39 million for its 2018 data breach where the personal data of 500,000 customers was stolen by hackers;
- This is the first ‘mega fine’ issued by a European data regulator since the implementation of the GDPR;
- The ICO acted as lead supervisory authority and has confirmed that it has been liaising with other EU privacy regulators;
- No details have yet been published by the ICO regarding the specific GDPR infringements involved;
- British Airways now has the chance to respond to the notice of intent, after which a final decision will be made by the ICO.