Generally Disclosing Pretty Rapidly: GDPR strapped a jet engine on hacked British Airways

If Equifax's mother-of-all-security-disasters last year underlined one thing, it was that big companies think they can weather just about anything cybercriminals – and regulators – can throw at them. One unpatched web server, 147 million mostly US customer records swiped, and a political beating that should pulverise a company …

  1. EnviableOne

    Article 33

    It says that "[the company] shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify [...] the supervisory authority [...] unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification [...] is not made within 72 hours, it shall be accompanied by reasons for the delay."

    So it doesn't have to be within 72 hrs, but if it's not, you have to justify it.

    And the fine is based on the global group turnover, not the business unit, so if there were to be a fine, it would be based on IAG's turnover, not BA's.

  2. Lomax

    > "the answer is Article 33 of Europe's GDPR, under which cyber-break-ins involving personal data must be reported within 72 hours. Security breaches are now understood as having their own lifecycle."

    Thank you to everyone involved in making this happen. A bit late, perhaps, but better late than never.
