
General Data Protection Regulation (GDPR) and Facebook

What is GDPR?
The General Data Protection Regulation (GDPR) is an EU regulation on data protection and
privacy for all individuals in the European Union (EU) and the European Economic Area (EEA).
It was designed to strengthen the laws that protect the personal information of individuals.
Organisations covered by the GDPR are accountable for how they handle people's personal
information. This includes having data protection policies, carrying out data protection
impact assessments and keeping documentation of how data is processed.
Companies with more than 250 employees must keep documentation of why people's information
is being collected and processed, descriptions of the information that is stored, how long it
is kept, and descriptions of the technical security measures in place.
If an organisation does not process an individual's data correctly, it can be fined. In the UK,
these monetary penalties are decided by the Information Commissioner's Office (ICO), headed by
Elizabeth Denham. The GDPR states that less serious infringements can result in fines of up to
€10 million or two per cent of a firm's global annual turnover (whichever is greater); more
serious infringements can result in fines of up to €20 million or four per cent of a firm's
global annual turnover (whichever is greater).
GDPR and Facebook
Several security breaches at Facebook raised questions about its GDPR compliance. Among them:
- The private photos of up to 6.8 million users were improperly accessible to up to 1,500
different applications built by 876 different developers for nearly two weeks before the
company noticed the security lapse and fixed it.
- The cause was a bug in its photo API that allowed third-party applications to access a
user's private photographs without permission, including photos the user had uploaded but
never posted.
In a separate incident, attackers took advantage of a vulnerability in Facebook's "View As"
feature and stole the access tokens of roughly 50 million users. These access tokens allowed
the attackers to take over users' accounts.
There was a major fault on Facebook's side in how it handled notification as well. The GDPR
(Article 33) requires a controller to notify the supervisory authority of a personal data breach
within 72 hours of becoming aware of it, where feasible. Facebook interpreted this 72-hour rule
as applying only after a company has decided that a given breach requires reporting, rather
than from the moment the company becomes aware of the breach. In the photo API case, Facebook
took nearly two months to decide that the scope of the breach meant it had no choice but to
report it, and it considered the 72-hour window to have begun only after it made that
determination.