Three years of GDPR: the biggest fines so far

GDPR governs the way organisations that operate within the EU can use, process and store consumers' personal data. The legislation replaced older data protection laws, and while it was drafted in Europe, regulators can fine organisations anywhere in the world which target or collect data in the EU. There are two tiers of penalties, with a maximum of 20m euros or 4% of global revenue. Through the data breach, hackers were able to harvest the personal data of about 500,000 consumers. The leaked data included login and travel booking details, names, addresses and credit card information. "British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft, he said."

Read the full story

 Related companies

Make a complaint about British Airways by viewing their customer service contacts.

•