Intention to fine Marriott International – Starwood Reservation Database Security Incident

On 9 July 2019 Marriott International announced that UK Information Commissioner’s Office (ICO) had communicated its intent to issue a fine in the amount of £99 200 396 against the company in relation to the ‘Starwood guest reservation database’ incident that Marriott announced on 30 November 2018. In this incident a variety of personal data contained in approximately 339 million guest records globally were exposed, of which around 30 million related to residents of 31 countries in the European Economic Area (EEA), while seven million related to UK residents.

The impact of the GDPR

Over one year after the entry of the GDPR into force, on 24 July 2019 the European Commission published a report looking at the positive impact of the EU data protection rules and how they can be improved further.