By Security Features • July 30, 2019

Marriott Faces $123 Million Fine For 2018 Mega-Breach

U.S. hotel group Marriott has become the second firm to face a massive GDPR fine as the U.K. regulator continues on its rampage. The hotel group, which suffered a breach last year, could face a fine of over £99 million ($123 million). It shows the global impact of the regulation, which covers the personal data of EU citizens.

In a statement of the regulator’s intention to fine Marriott International, U.K. Information Commissioner Elizabeth Denham said: “The GDPR makes it clear that organizations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.

“Personal data has a real value so organizations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”

The latest ICO fine comes after U.K. airline British Airways was hit with an even larger penalty of £183 million ($229 million) yesterday. The BA fine was the biggest ever issued by the ICO and the first under the EU Update to General Data Protection Regulation (GDPR).

Before BA, the largest fine issued by the ICO was £500,000. But under GDPR, firms can be fined up to 4% of turnover.


Read the original post at Forbes Magazine, written by Kate O'Flaherty