The United Kingdom has issued the first GDPR notice in relation to the Facebook data scandal which saw the data of up to 87 million users harvested and processed without their consent.
While the UK’s Information Commissioner’s Office (ICO) has recently imposed the maximum fine of £500,000 under the terms of the Data Protection Act 1998 on Facebook for the social media giant’s role in the scandal, a Canadian company may not be so lucky in avoiding scrutiny under new data protection laws.
The EU’s General Data Protection Regulation (GDPR) came into force this year, on May 25.
Under the terms of the legislation, companies operating in the region must report data breaches to regulators within 72 hours. Failures to adequately protect information can result in fines of up to €20 million or four percent of annual global turnover, whichever is higher.
The ICO has not issued any GDPR-related fines yet, despite recieving 500 calls a week reporting data breaches since the new rules came into effect in the EU.
Read more here