€51,000 Fine for failing to Appoint a Data Protection Officer. Regulator says “Be Warned!”

Hamburg’s data protection authority has issued Facebook’s German unit with a fine of 51,000 euros. They fined the company for not nominating a data protection officer for its local office. According to the regulators, the fine serves as a ‘warning’ to others.

ICO’s Guideline on appointing a data protection officer

The General Data Protection Regulation (GDPR) which came into law from May 2018 makes it mandatory for any company processing personal data to appoint a Data Protection Officer (DPO) in certain circumstances. 

It is the DPO’s responsibility to assist the organisation in ensuring their processing activities are in compliance with GDPR requirements. The DPO also serves as the middleman between the company and the supervisory authority. 

The details of the DPO should be published along with the contact details. The information should also be shared with the ICO and relevant supervisory authorities.  The purpose of publicising the details is to make sure data subjects and supervisory authorities can easily contact the DPO when necessary.

Facebook’s breach of GDPR 

Facebook Inc’s German unit failed to fulfil these requirements, hence the penalty of 51,000 euros. The enactment of GDPR gave data protection authorities more power. This includes the ability to fine companies for as much as 4% of global annual sales. 

According to Hamburg’s data protection authority, Facebook’s ‘careful and professional handling of the violation’ helped them to avoid a higher fine. The authority made the following statement in their recently published 2019 annual report, 

This case should be a clear warning to all other companies: naming a data protection officer and telling the regulator about it are duties.

They further added, “Even smaller violations like these can lead to substantial penalties.”

Facebook’s History of Data Breaches

Facebook increasingly finds itself in the crosshairs of data protection authorities. In 2019, the social media company was fined $5 billion by the Federal Trade Commission for mishandling user’s personal information. Facebook also agreed to pay a fine of £500,000 to the Information Commissioner’s Office following an investigation into Cambridge Analytica and the company’s failure to protect people’s data during the election cycle. Other notable missteps include leaving the personal information of over 419 million users unprotected on an open server. 

CEO of Kazient Privacy Experts, Jamal Ahmed comments,

This case highlights how important it is to appoint a Data Protection Officer. What businesses might not know is that you can outsource the appointment of your DPO to privacy experts such as Kazient Privacy Experts at a fraction of the cost of employing a full time DPO.

Kazient Privacy Experts offer bespoke Data Protection, Privacy and GDPR compliance solutions in a language you understand to UK and international organisations, and has received positive media coverage across Europe. Kazient’s GDPR consultants are fully certified to be your outsourced Data Protection Officer or EU Representative. Get in touch to find out how we can help your business by visiting our website www.kazient.co.uk or calling us on 0330 022 9009.