The EU’s General Data Protection Regulation went into effect last May. The law empowers EU regulators to levy fines of up to 4 percent of an organization’s annual global revenue or 17.9 million ($22.5 million) – whichever is greater – if they violate Europeans’ privacy rights. British Airways and Marriott are the first major, proposed sanctions – they are not yet final – over data breaches that have occurred since GDPR enforcement began on May 25, 2018. Both businesses now have a chance to comment, as do other European data protection authorities.”]
Source: https://www.cuinfosecurity.com/blogs/dear-ba-marriott-your-gdpr-fines-are-important-to-us-p-2770