Total Tests:

Booking.com fined €475,000 over delay in reporting a breach

By Jay Jay for teiss
Monday, April 5, 2021

The Dutch Data Protection Authority (AP) has imposed a fine of over £400,000 on Booking.com for reporting a security incident twenty-two days after discovering it, instead of the mandated 72 hours.

Commenting on the fine issued to Booking.com, Ilia Kolochenko, founder and Chief Architect of ImmuniWeb, told Teiss that the fine seems to be severe given that sensitive data of just 300 people was compromised among 4,000 victims that were somehow affected.

“The Dutch DPA exercised its discretion to impose fines under Article 83 of GDPR in a broad manner, and it seems to be an unambiguous signal of zero tolerance for late data breach reports. From the Booking.com statement, it’s unclear whether it will appeal the sanction as disproportionally harsh in light of the unprecedented lenience towards Marriott and BA by the UK regulator.

“The European Data Protection Board will probably intervene and bring more clarity on this specific misconduct in terms of gravity and subsequent punishability. In any case, this precedent evidences that victims of data breaches are to rigorously follow Article 33 of the GDPR and notify the competent DPA within 72 hours as prescribed,” he added. Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential