Facebook received a £1bn fine last month, the biggest GDPR penalty ever issued by the European Data Protection Board, writes Cyber Security Technician Tom Boughton.
It was imposed after repeated violations of the General Data Protection Regulation, caused by Meta IE’s transfer of EU citizen data to the US for storage and processing.
While the EU-defined “standard contractual clauses” allow data to be transferred from EU to non-EU countries, the transferred data must still be handled in compliance with the GDPR, which is where Meta IE has failed.
GDPR fines can be up to €10 million or 2% of worldwide annual revenue for lesser violations, or €20 million or 4% of worldwide annual revenue for severe violations; the latter tier applies to Meta IE.
This case indicates that the GDPR, and the UK-based DPA 2018, are still relevant in today’s world and must be followed and implemented where necessary.
One way to help ensure you comply with the DPA 2018/GDPR is to implement ISO 27001, an information security management system standard that helps an organisation secure the many types of data it may handle. Indelible Data offers ISO 27001 consultancy, including affordable template documents and Gap Analyses; find out more here.
Click here for the full EDPB article on its fine.