{"id":2794,"date":"2018-09-20T23:06:29","date_gmt":"2018-09-20T22:06:29","guid":{"rendered":"http:\/\/mouillere.com\/universconvergents\/?p=2794"},"modified":"2018-09-24T13:21:21","modified_gmt":"2018-09-24T12:21:21","slug":"true-cost-of-gdpr","status":"publish","type":"post","link":"https:\/\/mouillere.com\/universconvergents\/2018\/09\/20\/true-cost-of-gdpr\/","title":{"rendered":"True Cost Of GDPR"},"content":{"rendered":"<p>Section 33 of the GDPR\u00a0states we\u00a0must report a breach within 72 hours. It took British Airways just one day to announce it had been hit by a cyber-attack between 21 August and 5 September. On 6 September, the airline informed its customers that details from around 380,000 booking transactions had been stolen, including bank card numbers, expiry dates and CVV codes.<\/p>\n<p>The data were taken via a script designed to steal financial information by &#8216;skimming&#8217; the payment page before it was submitted. Despite BA\u2019s quick reporting of the breach, experts think the airline could be hit by a huge fine under the GDPR. Previously, the largest fine issued by the Information Commissioner\u2019s Office (ICO) was \u00a3500,000.<\/p>\n<p>But under GDPR, firms can be fined up to <strong>4% of turnover<\/strong>: in BA\u2019s case, \u00a3500 million. If the airline\u2019s parent group International Airlines Group (IAG) is held accountable instead, the number could be even higher.<\/p>\n<p>And of course, the fines are in addition to any <strong>compensation<\/strong> BA needs to pay to customers who might have suffered financial fraud as a result of the breach. But the costs do not end there: BA has been threatened\u00a0with a \u00a3500 million class-action lawsuit in a UK court by law firm SPG Law, the U.K. branch of U.S. 
law giant Sanders Phillips Grossman.<\/p>\n<blockquote><p><em>&#8220;The airline has guaranteed that financial losses suffered by customers <strong>directly<\/strong> because of the theft of this data from British Airways will be reimbursed, and is recommending that customers contact their bank or card provider if they made a booking or change to their booking between 22:58 BST August 21 2018 and 21:45 BST September 5 2018.&#8221;<\/em><\/p><\/blockquote>\n<p>But SPG Law says that under GDPR, breach victims have a right to <strong>further compensation<\/strong> and that BA should compensate victims for the &#8220;<strong>inconvenience, distress and misuse of their private information<\/strong>&#8221; caused by the breach.<\/p>\n<blockquote><p><em>Article 82\u00a0GDPR states: &#8220;Any person who has suffered material or non-material damage as a result of an infringement of this regulation shall have the right to receive compensation from the controller or processor for the damage suffered.&#8221;<\/em><\/p><\/blockquote>\n<p>SPG Law says that it believes that each breach victim may be able to claim up to \u00a31,250 ($1,600), in part because their payment card details were current at the time of the breach.<\/p>\n<p><a href=\"https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2018\/09\/20\/how-the-british-airways-breach-will-reveal-the-true-cost-of-gdpr\" target=\"_blank\" rel=\"noopener\">https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2018\/09\/20\/how-the-british-airways-breach-will-reveal-the-true-cost-of-gdpr<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Section 33 of the GDPR\u00a0states we\u00a0must report a breach within 72 hours. 
It took British Airways just one day to announce it had been hit by a cyber-attack between 21&hellip; <\/p>\n","protected":false},"author":1,"featured_media":2607,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[16],"tags":[65],"class_list":["post-2794","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-donnees-personnelles","tag-rgpd"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/mouillere.com\/universconvergents\/wp-content\/uploads\/2017\/09\/gdpr.jpg?fit=460%2C206&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6jw1p-J4"}