If the UK Information Commissioner's Office (ICO) wanted to send a message that companies need to treat personal data breaches seriously in the post-GDPR era, it has certainly done that.
British Airways (BA) suffered a serious hack in which attackers harvested personal information from approximately 500,000 customers, including payment card details. Once it became aware of the breach, BA acted responsibly, dealing with the incident and meeting its notification obligations under the GDPR. Despite this, the ICO has issued a notice of intent to fine the airline around £183m.
The size of the proposed fine has caught most commentators by surprise. For comparison, last year Facebook was fined £500,000 (the maximum available under the old UK Data Protection Act 1998) for the Cambridge Analytica scandal, which affected up to 87 million users.
The penalties available under the GDPR are significantly higher: for this category of infringement, the maximum is the greater of €20m or 4% of worldwide annual turnover.