The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to protect their personal data. On Friday (Jan. 25), the DPC opened a new statutory inquiry into the latest data breach it received from Twitter on 8 January, 2019. This inquiry will look into Twitter’s compliance with article 33 of the GDPR. So, Twitter is now being investigated in relation to its compliance with its obligations under the GDPR to implement technical and organisational measures to ensure the safety and safeguarding of the personal data it processes.
Article 33 of the EU’s General Data Protection Regulation states that a personal data breach must be referred to the commissioner within 72 hours after becoming aware of it, and sets out the amount and type of information that must be supplied with the notification.
Actually, on December 2018, Twitter was being investigated by Irish privacy authorities over its refusal to give a user information about how it tracks him when he clicks on links in tweets. The DPC has actively been looking into Twitter for numerous other breach-related notifications it received from the company.
If they are violating GDPR rules, the organization can be fined up to 4 percent of global revenue or 20 million euros ($22.82 million) – whichever is higher. Before, the penalties were only a few hundred thousand euros.