• About
  • Offices
  • Careers
  • News
  • Students
  • Alumni
  • Payments
Background Image
Bennett Jones Logo 100 Years
  • People
  • Expertise
  • Knowledge
  • Search
  • Menu
  • Search Mobile
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
View all
Practices
Corporate Litigation Regulatory Tax View all
Industries
Capital Projects Energy Funds & Finance Mining View all
Advisory
Crisis & Risk Management Environmental, Social & Governance (ESG) Governmental Affairs & Public Policy
View Client Work
Insights News Events
New Energy Economy Series COVID-19 Resource Centre Business Law Talks Podcast
Subscribe
Bennett Jones Centennial Menu
People
Practices
Industries
Advisory Services
Client Work
About
Offices
News
Careers
Insights
Law Students
Events
Search
Alumni
Payments
Subscribe

Stay informed on the latest business and legal insights and events.

LinkedIn LinkedIn Twitter Twitter Vimeo Vimeo
 
Blog

Record Fine Proposed Under GDPR

July 11, 2019

Written by Sébastien Gittens, Martin Kratz and Michael Whitt

Any doubt that the world of data protection changed profoundly when the European Union’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018, were solidly dispelled when the United Kingdom’s Information Commissioner’s Office (ICO) issued a notice of its intention to fine British Airways a record £183.39 million (C$300 million) for infringements of that law. While the GDPR allows penalties of up to 4.0 percent global annual turnover of an organization, the proposed British Airways fine is close to 1.5 percent of its 2017 global turnover.

The ICO’s investigation found that British Airways’ “poor security arrangements” was responsible for a cyber incident in June 2018, that allowed user traffic to the airline’s website to be diverted to a fraudulent site where the personal information of approximately 500,000 individuals was harvested by attackers.

The airline will have opportunity to make representations to the ICO as to the proposed findings and sanction; but this and other recent announcements by the UK regulator highlights the potentially large liability that may be imposed under GDPR⁠—not only for organizations that have an establishment in the European Union, but other organizations as well. Indeed, the GDPR has extraterritorial effect as it is intended to apply to any natural or legal person, public authority, agency or other body outside of the European Union who:

  1. targets individuals in the European Union by offering goods or services (regardless of whether a payment is required); or
  2. monitors the behavior of individuals in the European Union (where that behaviour takes place in the European Union).

Given the sweeping extraterritorial application of the GDPR, together with significant fines that may be issued thereunder, Canadian organizations are cautioned to be mindful of the potential application of the GDPR, and periodically evaluate whether this law may apply to their operations.

If you would like to learn more about the effects of GDPR or other data protection and privacy regulatory regimes on your business, members of our Data Protection and Governance team can assist, and where required, can direct you to experienced European counsel.

PDF Download

Authors

  • J. Sébastien A. Gittens J. Sébastien A. Gittens, Partner, Trademark Agent
  • Michael R. Whitt QC Michael R. Whitt QC, Partner, Patent Agent, Trademark Agent

Spring 2022 Economic Outlook

Related Links

  • Insights
  • Media
  • Subscribe

Recent Posts

Blog

UPDATED Canadian Sanctions Targeting Russia, Belarus [...]

June 29, 2022
       

Blog

National Indigenous Economic Strategy Rebuilding Indigenous Economies

June 24, 2022
       

Blog

Achieving Net Zero by 2050: The MMV Plan as a Fundamental [...]

June 23, 2022
       

Blog

Anti-Money Laundering Rules Expanded to Include Payment [...]

June 21, 2022
       

Blog

Alberta Court Declines to Extend Limitation Period [...]

June 20, 2022
       
Bennett Jones Centennial Footer 100 Years
Bennett Jones Centennial Footer 100 Years
About
  • Leadership
  • Diversity
  • Community
  • Innovation
  • Security
  • History
Offices
  • Calgary
  • Edmonton
  • Ottawa
  • Toronto
  • Vancouver
  • New York
Connect
  • Insights
  • News
  • Events
  • Careers
  • Students
  • Alumni
Subscribe

Stay informed on the latest business and legal insights and events.

LinkedIn LinkedIn Twitter Twitter Vimeo Vimeo
© Bennett Jones LLP 2022. All rights reserved.
  • Privacy Policy
  • Disclaimer
  • Terms of Use
Logo Bennett Jones