The ICO has fined Marriott International £18.4m for violations of the GDPR related to its 2018 data breach. The ICO found Marriott did not implement proper technical and organisational measures to protect personal data processed in their systems. Read the full Penalty Notice. Other EU DPAs have approved the actions and penalty against Marriott.
Additional commentary in The Telegraph criticised the size of the fine reduction originally announced at £99.2m. And The Register, which highlights how your name, address, phone number, email address, passport number, date of birth, and sex are worth just £0.05 each.