Twitter’s recent $500,000 fine for breaching data protection laws demonstrates the need for businesses of all sizes to ensure contracts with organisations who process data for them are carefully drafted, according to a specialist technology law firm.
Twitter’s fine was imposed in December for failing to promptly declare and properly document a data breach under the General Data Protection Regulation (GDPR).
Specialist technology law firm Boyes Turner, which is based in Reading, advises businesses in the UK and internationally on GDPR issues.
Mark Blunden, partner and head of the firm’s technology and commercial team said: “While Twitter, as one of the biggest tech companies on the planet, handling the data of millions of people, will clearly be held to the very highest standards by national data protection agencies in terms of its GDPR compliance, there are lessons to be drawn whatever the size of your business.
“The Twitter case shows how important it is for businesses to keep an eye on what their data processors are doing. A data processor is any organisation that processes data for you, and many businesses use them. Engaging a data processor can’t be a ‘set and forget’ task, as the data controller will be held liable for any lethargy on the part of the processor.”
Explaining how businesses should keep on top of this, Mark adds: “Contracts with data processors should enshrine the need for processors to notify of data breaches as soon as they discover them. Data controllers with the resources to do are advised to audit their processor’s practices regularly too. It is also important to agree clear reporting and recording procedures and have these ready to provide to regulators where requested. Each and every breach should be recorded and assessed.”
Twitter’s GDPR fine is noteworthy because it is the first cross-border GDPR decision by the Irish Data Protection Commissioner.
A number of tech giants are based in Ireland, and the Irish watchdog has a number of other large on-going investigations against Facebook, WhatsApp and others.