It is worth noting that if the GDPR rules had been applicable to this data breach, the fine would have been much bigger.
Instead of a £500k penalty, Cathay Pacific could have been hit with a share-holder sickening £470m fine - 4% of its annual global turnover.