Press release

ERI’s John Shegerian Calls British Airways’ GDPR Fines the ‘Tip of the Data Breach Iceberg’

Sponsored by Businesswire

Citing recent reports of British Airways facing record $229 million penalties in the UK for violating data protection and privacy rules under the European General Data Protection Regulation (GDPR), John Shegerian, Co-Founder and Executive Chairman of ERI, the nation’s leading fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company, has warned that British Airways’ potential fine is just the tip of the iceberg and a sign of what’s to come in the US as well.

The U.K. Information Commissioner’s Office (ICO) earlier this month announced its intention to fine British Airways nearly £183.4 million ($229.5 million) citing a security weakness in the airline’s website that enabled hackers to harvest the personal information of customers. The ICO issued a notice concerning the proposed fine citing infringements of the GDPR.

“Under the new GDPR rules, multinational corporations are being scrutinized more than ever before for their management of digital data,” said Shegerian. “With these increases in liability, there is a huge storm of problems on the horizon for multinational corporations if data is not sufficiently protected from hackers and cybercriminals as well. This is, of course, not unique to Europe. We should anticipate very similar regulatory trends to imminently become established stateside.”

Reports of global cybercrime are at an all-time high and Shegerian explained that an area that is often overlooked is the hacking of physical hardware and devices. To fully combat the threat of a breach, he said, it has become urgently important to account for data on discarded hardware as well.

“When a device is responsibly recycled, part of that process should always include complete, physical data destruction,” said Shegerian. “Guaranteed data destruction is key. Some companies believe their data is being wiped when they drop devices off for recycling and that is not always the case. Also, unethical and illegal shipping of e-waste to other countries has become an additional layer to the hardware security issue because it leads to the wholesale liquidation of the privacy of corporations and individuals.”

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States. ERI is certified at the highest level by all leading environmental and data security oversight organizations to de-manufacture, recycle, and refurbish every type of electronic device in an environmentally responsible manner. ERI has the capacity to process more than a billion pounds of electronic waste annually at its eight certified locations, serving every zip code in the United States. ERI’s mission is to protect organizations, people and the environment. For more information about e-waste recycling and ERI, call 1-800-ERI-DIRECT or visit