If anyone still thinks that GDPR is simply a box-ticking exercise, the news today that British Airways have been fined £183m for a data breach first disclosed in September 2018 should make them think again.
The previous record fine imposed by the ICO was £500,000, levied on Facebook in the wake of the Cambridge Analytica scandal. The increase in potential fines is the result of a law change that now allows fines of up to 4% of annual turnover. For anyone in charge of cybersecurity at a major corporation, the message is clear - if you don't treat your customers' data with the utmost care, expect severe punishment when things go wrong.
The ICO may seem to be concentrating their attention on the high flyers at the moment, but nobody can afford to have their heads in the cloud when it comes to GDPR.