Marriott International Hotel group has become the second firm to face a GDPR fine as the UK regulator continues to bear down on companies that fail to protect data. The hotel group, which suffered a breach last year, could face a fine of over £99 million ($123 million). It shows the global impact of the regulation, which covers the personal data of EU citizens.
In a statement of the regulator’s intention to fine Marriott International, UK Information Commissioner Elizabeth Denham said: “The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.
“Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”
The latest ICO fine comes after British Airways was hit with an even larger GDPR fine of £183 million ($229 million) yesterday. The BA fine was the biggest ever issued by the ICO and the first under the EU's General Data Protection Regulation (GDPR).
Before BA, the largest fine issued by the ICO was £500,000. But under GDPR, firms can be fined up to 4% of turnover.