Over the years we have seen breaking headlines about the major retailers and the damage they have inflicted upon their clients and employees by failing to protect their data. From the very recent WHSmith scandal, all the way back to the Marriot Hotel’s scammer in 2019, these trusted brands have shown us over and over that it can in fact happen to them, and so we should take the necessary steps to stop it being us. 

But what happens if it does affect you?  

What about the people whose National Insurance Numbers, birthdays and address’s were unfortunately leaked?  

GDPR 

In the May of 2018, the Government introduced a set of regulations designed to protect people's personal data. The General Data Protection Regulation Law, or better known as the GDPR law, meant companies now had to be transparent about what data they were collecting and how it will be used. 

For example, the sales emails your marketing department send out, will all be GDPR compliant by offering a quick, simple and easy way for the recipients to remove themselves off of your mailing list. Consent is key when it comes to personal data.  

Without someone’s explicit consent, personal data can not be used or stored in any way, doing so risks fines of up to £20 Million or 4% of your global turnover, and this was the consequence of the retailors who failed to protect their held sensitive data.  

So, what happened with the major retailors? * 

GOOGLE:  

Google was found guilty of not seeking user consent to use their data for targeted advertising campaigns (among other reasons) and were fined £43.2 Million.  

H&M: 

Very disturbingly H&M were fined £32.1 Million for secretly recording their employees and made the videos accessible to management without the staff knowing. 

BRITISH AIRWAYS:  

Going back to 2020, this major airline was fined £20 million due to a data breach that enabled a hacker to access personal data of about 400,000 people. The leaked data included names, addresses and credit card information.  

Marriott Hotels:  

Whilst their fine was of a lesser amount (£18.4 Million) this data breach was very similar to that of British Airways. In a hack that lasted for 4 years before it was uncovered, 300 million of their customers personal data was exposed. Again, this data included very sensitive, identifiable data such as credit card information, passport numbers and dates of birth. 

*These fines were delivered between the years of 2019-2020. This information was provided by the BBC.