Ireland's Data Protection Commission (DPC) is investigating Twitter’s compliance with its obligations under the GDPR.
DPC said on Friday that it has been examining wheter Twitter has implemented technical and organisational measures to ensure the safety and safeguarding of the personal data it processes.
This investigation commenced in November 2018 following receipt of a number of breach notifications from the company since the introduction of the GDPR.
The DPC has this week opened a new statutory inquiry into the latest data breach it received from Twitter on 8 January, 2019. This inquiry will examine a discreet issue relating to Twitter’s compliance with Article 33 of the GDPR.
“We actively notify the Office of the Irish Data Protection Commissioner and the public of these issues as appropriate,” Twitter said in a statement on Friday. “We are fully committed to working with the Data Protection Commissioner’s Office to improve the already strong data and privacy protections we offer to the people who use our services.”
Article 33 of the EU’s General Data Protection Regulation states that a personal data breach must be referred to the commissioner within 72 hours after becoming aware of it, and sets out the amount and type of information that must be supplied with the notification.
Under the new GDPR European privacy regulations, breaking privacy laws can result in fines of up to 4 percent of global revenue or 20 million euros ($22.82 million).