09.07.2019 | KPMG Law Insights

Fine of around 205 million euros for inadequate safety measures

By Sebastian Hoegl, LL.M. (Wellington), Maik Ringel

Fine of around 205 million euros for inadequate safety measures

The UK’s Information Commissioner’s Office (ICO) today announced that it has fined British Airways £183.39 million for failing to take sufficient measures to protect personal data. Last year, approximately 500,000 users of British Airways’ website were redirected by hackers to their own website, allowing them to obtain information including booking details, names, address details and credit card information. In the view of the supervisory authority, this was made possible by inadequate security measures taken by the airline. The latter has announced that it will appeal the fine.

The fine might have been significantly higher if British Airways had not cooperated extensively with the authority and improved its own security measures. In any case, such behavior has led German regulators to reduce fines in the past.

Regardless of the outcome of the further proceedings, the ICO’s decision is in line with the already observed practice of imposing heavy fines, in particular for violations of the provisions of the GDPR to ensure the security of personal data. Their importance in practice can therefore hardly be overestimated. On the other hand, those who, as data controllers, neglect the security of personal data out of disinterest or even for cost reasons will expose themselves to the risk of high fines in the future. In addition to these fines, there are other risks, such as reputational risks or the risk of further regulatory measures, such as the (temporary) prohibition of individual processing operations.”

Explore #more

10.10.2025 | In the media

KPMG Law guest article in NZG: Compliance due diligence in SMEs: Minimum scope and contractual mapping of compliance risks of the target company

In the context of M&A transactions, compliance usually still plays a subordinate role in legal due diligence. The purpose of this article is, on…

10.10.2025 | In the media

KPMG Law honored at the M&A Award Night 2025

KPMG Law has been awarded the “M&A Transaction Advisory” prize at this year’s M&A Award Night of the Bundesverband Mergers & Acquisitions e.V. (BM&A) and…

10.10.2025 | In the media

KPMG Law guest article in CCZ: The guide for compliance management systems in small and medium-sized enterprises (DIN SPEC 91524)

Compliance in SMEs is challenging: the legal responsibility for compliance is undisputed, but the specific tasks are unclear and depend on the specific situation of…

10.10.2025 | KPMG Law Insights

Transformation in legal departments in 2026 – the most important trends and best practices

Three topics in particular are currently driving the transformation of the legal department: AI, the rapid increase in regulation and geopolitical developments. There has always…

08.10.2025 | Deal Notifications

KPMG advised Adiuva Capital GmbH with Fact Books on the sale of KONZMANN Group

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) and KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG) advised Adiuva Capital GmbH, a Hamburg-based private equity firm (“Adiuva“), in connection with the…

06.10.2025 | KPMG Law Insights

What the Green Claims Directive means for companies – an overview

With the Green Claims Directive, the EU will introduce extensive regulations on the requirements for permissible environmental claims. The aim is to prevent greenwashing so…

03.10.2025 | Deal Notifications

KPMG Law and KPMG support the restructuring of Groupe CAT in Germany

KPMG Law Rechtsanwaltsgesellschaft (KPMG Law) and KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG) advised Groupe CAT on comprehensive restructuring measures with a cross-service team. Over a period of…

02.10.2025 | Deal Notifications

KPMG Law advises Epitype GmbH and MDG Molecular Diagnostics Group GmbH on the acquisition of significant assets of oncgnostics GmbH

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) provided comprehensive legal advice to Epitype GmbH, a company of the Dresden-based MDG Group, on the formation and subsequent…

02.10.2025 | In the media

KPMG Law Statement in ZEIT for entrepreneurs: We’ll take the 500 billion!

German construction companies are asking themselves: how quickly will the money come from the government? And they are worried that only the giants will benefit.…

01.10.2025 | KPMG Law Insights

Federal Network Agency reforms special network charges for industry and commerce

The Federal Network Agency is planning a fundamental reform of the special network charges for energy-intensive companies. Any change to the current privilege regime entails…

Contact

Sebastian Hoegl, LL.M. (Wellington)

Senior Manager
Lawyer
Specialist lawyer for IT law
LL.M. (Wellington)

Heinrich-von-Stephan-Straße 23
79100 Freiburg im Breisgau

Tel.: +49 761 769999-20
shoegl@kpmg-law.com

Maik Ringel

Senior Manager

Münzgasse 2
04107 Leipzig

Tel.: +49 341 22572563
mringel@kpmg-law.com

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.