ICO delays fines during pandemic

The UK Information Commissioner’s Office has deferred £280 million in fines handed out to Marriott Hotels and British Airways and for data breaches.

The figures involved are the biggest fines levied under the GDPR so far, but this news comes at a highly sensitive time.

This is the second time the fines have been delayed. Back in January, both companies used the ICO’s quasi-appeal mechanism to successfully postpone their fines for three 


Both companies are struggling due to the current pandemic and the consequent huge reduction in travel.

Marriot has been hit by cancelled planned trips due to Covid-19 and CEO Arne Sorenson, announced he would be taking a salary cut for the rest of the year. In addition, the company also suffered a second major breach last month affecting 5.2 million customer records.

Last week BA furloughed more than 30,000 staff until the end of May under the UK government scheme. BA’s parent, IAG, also announced a reduction in seat capacity by 90% in April and May compared with last year.

Jean-Michel Franco, Senior Director Data Governance at Talend commented on the planned delays: “At a time when it is facing unprecedented stress, the impact of a similar fine on the NHS doesn’t bear thinking about. Of all the ICO fines issued in the UK for breaches of data regulations since 2010, 54 per cent went to public sector organisations with the NHS receiving the second highest number of fines. The penalties now under GDPR are potentially so much larger and as such could have a really critical impact on businesses and public sector organisations at a time when they can least afford them. 

“This news of the temporary reprieve for BA and Marriott shows that the regulator is being sensitive to the current climate in which firms are operating which definitely feels like the right thing to do. That should be a welcome indication for organisations in both public and private sectors, but it doesn’t mean anyone can take their eyes off the ball when it comes to ensuring good data security and governance.”

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.