The EU imposed record fines this week on British Airways and Marriott, in fact the largest fines under the General Data Protection Regulation (GDPR) which is just over one year old.
The U.K. Information Commissioner’s Office (ICO) proposed a fine of British Airways $230 million for an incident that compromised the data of 500,000 customers.
The ICO proposed a $123 million fine of Marriot for the loss of 339 million customer records, a breach which was first reported in November 2018.
Both companies can respond to the fine proposals before the ICO issues a final decision, and both companies said they will appeal the decision.
The maximum GDPR fine is 4% of a company’s global turnover. The fines for BA and Marriott both represented 1.5% of their turnover.