On 9 July, the UK Information Commissioner’s Office issued a notice of its intention to fine Marriott International, Inc. £99,200,396 for alleged infringements of the EU General Data Protection Regulation in connection with a cybersecurity incident notified to the ICO by Marriott in November 2018.
The ICO’s public statement followed Marriott’s disclosure of the ICO’s intention to the US Securities and Exchange Commission and comes just one day after the ICO published its notice of intention to fine British Airways £183.4 million (see our previous blog post here). The proposed fines, if enforced by the ICO, will be the two highest fines levied under the GDPR, to date.
Click here, to continue reading on the Cleary Cybersecurity and Privacy Watch blog.