Search
Contact
Back to overview
09.07.2019 | KPMG Law Insights

Fine of around 205 million euros for inadequate safety measures

By Sebastian Hoegl, LL.M. (Wellington), Maik Ringel

Fine of around 205 million euros for inadequate safety measures

The UK’s Information Commissioner’s Office (ICO) today announced that it has fined British Airways £183.39 million for failing to take sufficient measures to protect personal data. Last year, approximately 500,000 users of British Airways’ website were redirected by hackers to their own website, allowing them to obtain information including booking details, names, address details and credit card information. In the view of the supervisory authority, this was made possible by inadequate security measures taken by the airline. The latter has announced that it will appeal the fine.

The fine might have been significantly higher if British Airways had not cooperated extensively with the authority and improved its own security measures. In any case, such behavior has led German regulators to reduce fines in the past.

Regardless of the outcome of the further proceedings, the ICO’s decision is in line with the already observed practice of imposing heavy fines, in particular for violations of the provisions of the GDPR to ensure the security of personal data. Their importance in practice can therefore hardly be overestimated. On the other hand, those who, as data controllers, neglect the security of personal data out of disinterest or even for cost reasons will expose themselves to the risk of high fines in the future. In addition to these fines, there are other risks, such as reputational risks or the risk of further regulatory measures, such as the (temporary) prohibition of individual processing operations.”

Explore #more

03.09.2025 | In the media

Guest article in the insurance industry: Embedded Insurance – More than just a new sales channel

The insurance industry is facing a paradigm shift. Traditional sales models are increasingly being supplemented by innovative approaches aimed at facilitating access to insurance policies…

03.09.2025 | KPMG Law Insights

Supply Chain Act: reporting obligation no longer applies, sanctions reduced

In the coalition agreement, the coalition partners agreed to abolish the Supply Chain Due Diligence Act (LkSG) as part of the implementation of the European…

29.08.2025 | In the media

Statement by Ulrich Keunecke on the special infrastructure fund in Politico

KPMG Law financial expert Ulrich Keunecke explains how the infrastructure special fund can be leveraged with capital from private investors. You can find the article…

25.08.2025 | Deal Notifications

KPMG Law is advising APELOS on the refinancing and acquisition of a practice group with around 50 practice locations.

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) and KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG) advised APELOS Therapie GmbH, a leading therapy practice group in Germany, on the refinancing…

15.08.2025 | In the media

KPMG Law Statement in Die-Stiftung.de on the topic of foundation registers – The long road to digital order

The entry into force of the foundation law reform on July 1, 2023 marks a turning point in the German foundation system. The list of…

14.08.2025 | KPMG Law Insights

Electromobility in logistics – legal challenges

In order to reduce its CO2 emissions, the logistics industry is increasingly turning to electromobility. This is not only due to ESG regulations such as…

07.08.2025 | KPMG Law Insights

NIS2: How energy suppliers must protect themselves against cyber attacks

In July 2025, the Military Counterintelligence Service reported a significant increase in spying attempts and disruptive measures by the Russian secret service, according to media…

06.08.2025 | KPMG Law Insights

Tax havens: When business relationships trigger criminal proceedings

A German tech company had been paying license fees to a contractual partner in Panama for years without ever having any problems. However, few people

06.08.2025 | Deal Notifications

KPMG Law, KPMG in Germany and KPMG in Switzerland advised Bureau Veritas on the acquisition of Dornier Hinneburg and its Swiss subsidiary Hinneburg Swiss

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) together with KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG) and KPMG AG Switzerland advised Bureau Veritas Group (Bureau Veritas) on the acquisition…

05.08.2025 | Deal Notifications

KPMG Law advises Athagoras Holding GmbH on the acquisition of IGES Group

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) provided legal advice to Athagoras Holding GmbH, a platform of the Munich-based PE firm Greenpeak Partners, on the acquisition…

Contact

Sebastian Hoegl, LL.M. (Wellington)

Senior Manager
Lawyer
Specialist lawyer for IT law
LL.M. (Wellington)

Heinrich-von-Stephan-Straße 23
79100 Freiburg im Breisgau

Tel.: +49 761 769999-20
shoegl@kpmg-law.com

Maik Ringel

Senior Manager

Münzgasse 2
04107 Leipzig

Tel.: +49 341 22572563
mringel@kpmg-law.com

 
Fields of work
Locations
Position
Language

KPMG Law

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll