EU GDPR Shows Teeth

In case one got the impression that the EU’s General Data Protection Regulation (the “GDPR”) was toothless, the U.K.’s Information Commissioner’s Office (the “ICO”) announced on July 9, 2019 that it would fine Marriott International over 99 million pounds ($124 million).  The fine is in relation to a 2018 breach for failing to examine and correct it data infrastructure.  It is the second time this week that the ICO has acted.  Earlier in the week, the ICO fined British Airways 183 million pounds ($224 million).  Smaller fines have also been issued in places like France, Spain and Austria, and Facebook is being widely investigated in a number of EU jurisdictions.