Twitter has been fined €450,000 (~$547k) by Ireland’s Data Protection Commission, commonly known as DPC under Europe’s General Data Protection Regulation (GDPR) for not declaring and documenting a breach of data. The decision is the first cross-border GDPR by the leading European privacy supervisor, Irish Watchdog.
The company, Irish Watchdog, supervises many renowned companies and has a backlog of more than 20 running cases including active investigation for Facebook, WhatsApp, Linkedln, Apple, and Google.
In a recent press release, the regulator writes that “The DPC’s investigation commenced in January 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach. The DPC has imposed an administrative fine of €450,000 on Twitter as an effective, proportionate, and dissuasive measure”.
According to the rules of the GDPR, it is mandatory to notify within 72 hours of the controller becoming aware of the breach to the relevant supervisory authority. Along with these, documentation of the data involved and their response to the incident is also required. This is essential to assure the checking of the compliance by the relevant data supervisor.
Twitter, however, has refrained from maintaining either of the protocols.