Skip to main content

Changes to the EU’s GDPR in May 2018 have given regulators new powers to impose higher fines on businesses and organisations for poor data practices. The recent fines faced by British Airways and Marriott highlight the importance of data protection.

Marriott’s data breach left the personal information of up to half a million guests exposed to hackers. This data breach meant that a variety of identifying information was stolen from guests, including their names, home addresses, telephone numbers, passport numbers and dates of birth. During the attack, the guest’s encrypted credit card numbers were also stolen. The ICO has issued the hotel company a fine of just over £99m. According to The Financial Times, it is the second major fine issued this week by the UK for failing to protect data, after British Airways’ £183m fine.

The ICO’s powers resulting from the May 2018 law changes have significantly increased: data breaches can instigate a fine of up to 4% of annual growth turnover or €20m, whichever is higher. The more recent data breaches and fines have underlined the importance of data protection and the security practices of businesses. Metafour’s commitment to security and the professional handling of confidential and sensitive data is assured by our ISO27001 certification.


ISO 27001 provides an internationally accredited standard for the management and maintenance of information and security within a company. Metafour is dedicated to cyber-security and keeping our customers’ systems safe and protected. Our ISO 27001 certification demonstrates our adherence to GDPR and provides assurance in our security practices.