Facebook’s German subsidiary was issued a fine of 51,000 euros for failing to appoint a data protection officer under the General Data Protection Regulation (GDPR).
The Hamburg Commissioner for Data Protection and Freedom of Information issued the fine in December 2019, after learning through a complaint that despite appointing a data protection team at its Ireland headquarters, it failed to do so for its German unit.
In its 2019 annual report published Thursday, Hamburg’s data protection authority explained that the fine should be considered a warning “to all other companies: naming a data protection officer and telling the regulator about it are duties.”
The watchdog added that even smaller violations can lead to substantial penalties.
“Facebook Germany is a company with an annual turnover of around $35 million, whose business — in contrast to the parent company — is not the processing of personal data of users. Given the negligence of the breach and the fact that Facebook only failed to notify an already appointed data protection officer, the sanction is to be considered significantly dissuasive,” said Hamburg Commissioner for Data Protection and Freedom of Information Press Officer Martin Schemm.
Facebook did not appeal the fine and has paid it. The report explained that Facebook avoided an even higher fine through its “careful and professional handling of the violation” and immediately appointing a data protection officer.
Catch the replays and discover the best talks from Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.