The early bird really does catch the worm when it comes to PR and media relations activity – as proven by our most recent success in securing our client in The Times online following the GDPR fine against British Airways.
There was no escaping the breaking news on British Airways receiving a record fine of £183m for last year’s breach of its security systems. This amount made Facebook’s previous record fine of £500,000 seem like a drop in the ocean. A day later Marriott was also hit with an almost equally hefty fine of nearly £100 million. Both fines sent a clear message that the Information Commissioner’s Office (ICO) was serious about fining anyone breaching GDPR regulations.
According to data gathered by the European Business awards, a third of European companies are still not GDPR compliant though.
The public interest in the BA story and the confusion that remains among businesses around GDPR, meant this news of record fines was a reason for two of our particular clients, who are GDPR experts in certain fields, to share their insight and advice and reassure business owners on ways to stay data compliant.
In swift reaction to the BA story breaking, Alex Bransome, Virtual Chief Information Security Officer (vCISO) at Doherty Associates, experts in managing and securing cloud services, issued to the media advice on why the attack on BA’s data network was possible, and how BA should have being doing more to monitor, test and update their security systems to ensure there were no gaps in their cyber defence that hackers could take advantage of. “Commonly organisations make the mistake of deploying security systems and then leaving them. To keep your front door secure and personal data protected at all times, companies must regularly run security checks and update their security systems to ensure any vulnerabilities are identified and patched so no gaps are left for cyber criminals to exploit.”
Alex’s advice was complimented by legal expert Diane Yarrow, partner and commercial solicitor at award winning law firm, Gardner Leader solicitors. “There are various factors considered when setting the level of the fine which include; the number of people affected and the level of damage suffered, negligent character of the infringement, degree of responsibility of the controller and the categories of personal data affected by the infringement amongst other things. This fine sets a strong precedent for future large scale data breaches…and in the next 28 days, we should learn more details of the basis on which BA will appeal the ICO’s decision, together with the ICO’s response to the appeal.”
But speed isn’t the only critical element to getting results. The actual content and the way the comment is crafted and presented is of equal importance to ensuring your comment stands out against the many others the media will have received that day.
Let’s see what the next 28 days brings us!