More than one year on from the General Data Protection Regulation, which came into force on 25th May 2018, the news that British Airways is to be fined more than £183m by the Information Commissioner’s Office after hackers stole the personal data of half a million of the airline’s customers will come as no surprise, says insurance, risk management and data privacy expert Darren Wray. Fifth Step’s CEO Wray says, however, that even at this early stage of the investigation it could be that BA's parent company got off lightly, writing for YouTalk Insurance.