The Irish Data Protection Commissioner (DPC) is Twitter’s lead regulator in the European Union. On Friday (Jan. 25), the DPC said it was again looking into the social media giant because of another breach notification it received from the company, according to a report from Reuters.
“The DPC has this week opened a new statutory inquiry into the latest data breach it received from Twitter on 8 January, 2019,” the Commission said on its website. “This inquiry will examine a discreet issue relating to Twitter’s compliance with Article 33 of the GDPR.”
That particular article says a personal breach has to be referred to the commissioner within 72 hours, and it explains the amount and type of info that should come with the notification.
“We actively notify the Office of the Irish Data Protection Commissioner and the public of these issues as appropriate,” Twitter said on Friday. “We are fully committed to working with the Data Protection Commissioner’s Office to improve the already strong data and privacy protections we offer to the people who use our services.”
There can be steep consequences for violating GDPR rules. Organizations can be fined up to 4 percent of global revenue or 20 million euros ($22.82 million) – whichever is higher. Before, the penalties were only a few hundred thousand euros.
The DPC has actively been looking into Twitter since November of last year for numerous other breach-related notifications it received from the company.
A December report from IT governance showed that only 29 percent of firms in the EU have “fully” implemented the GDPR tenets.
The report surveyed more than 200 firms across a range of industries, and as many as 60 percent of the firms that responded said they were “aware” of the fact that they must respond to data subject access requests, but only 29 percent said they had plans in place to address the rules by which they must respond.
In other findings of the IT Governance report, 75 percent of firms said they had conducted at least some parts of a data flow audit, used to gain insight into data risks. As far as security is concerned, the roughly 61 percent of firms said they had “basic controls” in place to contend with data breaches, with 50 percent of firms stating they have plans in place to notify supervisors in the event of such breaches.