The DPC said its investigation commenced in January 2019 following receipt of a breach notification from Twitter. The organisation found Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach.
“The DPC has imposed an administrative fine of €450,000 on Twitter as an effective, proportionate and dissuasive measure,” said the DPC in a statement.
A statement from Twitter said it had worked with the DPC to support its investigation, shared its commitment to online security and privacy and it had made changes so future incidents can be reported to the DPC in a timely fashion.
Chris Strand, Chief Compliance Officer at threat intelligence company IntSights, said: “The decision to fine Twitter 450,000 euros for failing to notify a data breach in time shows the intent between member states within the EU to seek balance between ensuring the GDPR is properly enforcing the legal obligation on data controllers and to keep the law consistently positioned to be the reining baseline standard for international data privacy disputes.
“This could certainly cause a potential shake up to international tech giants and set a new precedence on how they are doing business in the future.”Click below to share this article