In current months as you’re almost definitely aware, both British Airways & Marriott Hotels have hit the headlines due to tremendous GDPR fines – £183 million for British Airways and £99.2 million for Marriott.

The penalties show that the General Data Protection Regulation has given enforcers like the UK’s Information Commissioner’s Office, some significant tools to work with. BA’s fine is almost 400 times larger than the ICO’s previous record fine – a worthless $645,000 penalty handed to Facebook for the Cambridge Analytica scandal.

With these new punishments in strong action, we very much recommend you make sure you’ve lessened your risk of being next in the firing line.

GDPR is centered on protecting European Union citizens and it applies to anyone who holds personal data on an EU citizen, wherever you are located. Marriott, a U.S. organisation, is a prime case in point.

Here are five best rules we advise all businesses stick to, in order to decrease the risk of an irreversible GDPR fine:

  1. Update every day, patch constantly. Diminish the risk of a cyber-attack by fixing issues that can be used to gain entry to your systems illegally. There is no boundary, so everything matters: patch everything you can get hold of.
  2. Safeguard private data that’s in the cloud. Treat the cloud like any other network you own – close un-needed ports and services, encrypt data and ensure you have proper access controls in place. And do it on all your locations, including QA and development.
  3. Limit access to personal data. Lessen your exposure by collecting and retaining only the information you need and making sure only people with access to it are the people who need it to do their jobs. Not everyone needs admittance.
  4. Train your business. Ensure that everyone who might come in to contact with personal data knows how they need to handle it – this is a GDPR obligation. Whether they’re involved with computers or not, everyone requires training.
  5. Document and prove data protection activities. Be able to show that you have thought about data protection deeply and have taken sensible precautions to secure personally identifiable information.


Want to get the best solution for your business?

At iTeam, we take a security-first approach to technology – ensuring our client’s systems are best protected.

If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might actually be and identify actions to take.

To book a consultation or to arrange a further discussion, please get in touch via our form below, call 03330 507 690 or email Chris on

Share This