Ever since the Information Commissioner issued British Airways with a notice proposing to impose a massive fine of £183.39m for a data breach incident in 2018, we have all be waiting with bated breath to see how that process would conclude. A fine at that level would have been the largest ever issued by a data protection regulator in Europe, and would have dwarfed the eye-watering €50m proposed by the French data protection authority CNIL in respect of Google’s advertisement personalisation practices, affecting millions of French citizens. The prospect of BA, a corporate victim of a criminal cyber-attack affecting around 400,000 people’s (mostly payment-card) data, being subject to fine in excess of 4x as large certainly grabbed the headlines. Read more »