ICO to fine Marriott £99m for GDPR data breach

UK – The Information Commissioner’s Office (ICO) has issued a £99m fine to hotel chain, Marriott International, for infringements of the General Data Protection Regulation (GDPR).

Marriott hotel_crop

The fine relates to a data breach in November 2018 affecting the personal data of 339m guest records globally – about 30m of those were from the 31 countries in the European Economic Area (EEA) and seven million in the UK.

The data breach related to the Starwood hotels group and dated back to 2014; however it came under Marriott’s responsibility following its acquisition of the business in 2016. The exposure of the information was not discovered until 2018 and the ICO said Marriott failed to do enough due diligence when it bought Starwood.

Information Commissioner Elizabeth Denham said: “The GDPR makes it clear that organisations must be accountable for the personal data they hold. This an include carrying out proper due diligence when making a corporate acquisition and putting in place proper accountability measure to assess not only what persona data has been acquired but how it is protected.”

Marriott has co-operated with the ICO investigation and improved its security arrangements since these events came to light. Marriott can make representations to the ICO as to the proposed findings and sanction.

We hope you enjoyed this article.
Research Live is published by MRS.

The Market Research Society (MRS) exists to promote and protect the research sector, showcasing how research delivers impact for businesses and government.

Members of MRS enjoy many benefits including tailoured policy guidance, discounts on training and conferences, and access to member-only content.

For example, there's an archive of winning case studies from over a decade of MRS Awards.

Find out more about the benefits of joining MRS here.

0 Comments


Display name

Email

Join the discussion

Newsletter
Stay connected with the latest insights and trends...
Sign Up
Latest From MRS

Our latest training courses

Our new 2025 training programme is now launched as part of the development offered within the MRS Global Insight Academy

See all training

Specialist conferences

Our one-day conferences cover topics including CX and UX, Semiotics, B2B, Finance, AI and Leaders' Forums.

See all conferences

MRS reports on AI

MRS has published a three-part series on how generative AI is impacting the research sector, including synthetic respondents and challenges to adoption.

See the reports

Progress faster...
with MRS 
membership

Mentoring

CPD/recognition

Webinars

Codeline

Discounts