It's what we've all been waiting for ... the Information Commissioner's first penalty since GDPR came into force last year.

And it's clear that personal data issues are being taken seriously.  This was not a case of "lost" personal data. Instead,  BA was targeted by hackers who diverted website users to a fraudulent site where they obtained personal data such as email addresses and credit card details.  

It's a stark warning to all companies that data security must be maintained and that no excuses will be accepted even where subjected to a malicious attack.

The next question is what it will take to receive the full penalty of 4% of worldwide turnover?