Facebook could pay more than a billion fines for a data breach involving 50 million users

The massive data breach announced Friday by Facebook could prove costly for the company.

The company said it discovered a data breach on Tuesday and has been investigating hacking since. About 50 million user accounts were affected by the violation, but Facebook did not know exactly what information had been accessed and whether it had been misused or not, according to the ticket written by the company to announce the violation.

But piracy could end up costing the company more than $ 1 billion in fines, The Wall Street Journal reported.

Under the General Data Protection Regulation (GDPR), which came into force on 1 June, companies operating in a European Union country had to comply with the new security rules. If an investigation is conducted into Facebook's efforts to protect its users and the users failed to protect users appropriately, the company could be fined.

This fine amounts to $ 23 million, or 4% of the total turnover of the company for the previous year, a company that violates the law will be fined a higher amount. In this case, this means that Facebook could be fined $ 1.63 billion, according to The Wall Street Journal.

Under the new GDPR rules, companies are also required to notify a regulator of data breaches in which information about users or customers may have been compromised.

Whether or not Facebook violated this 72-hour rule was not clear. The company said the breach was discovered Tuesday afternoon. It is difficult to know which time zone it is referring to. The company then notified users via a "Security update" message on its editorial website on Friday with the timestamp at 12:41. EDT. The company, however, announced Thursday to the Commission for Data Protection in Ireland, the regulator of European activities of Facebook, that The Wall Street Journal.

The report that Facebook has presented to the DPC may not be as detailed as necessary. The notification that the company sends to the regulator must include a number of details. It must describe the violation and include "the number of persons concerned, the categories and the approximate number of personal data records concerned", in accordance with the RPG Act. It should also include information on who to contact for further investigation of the problem, describe the consequences of the violation and the measures taken to control it.

It is still unclear whether Facebook has met these requirements when the breach has been discovered, and the EU data protection team will need to investigate further.

Facebook CEO Mark Zuckerberg arrives in the European Parliament before the hearing on the data confidentiality scandal on 22 May at the European Union headquarters in Brussels. Facebook suffered a data breach this week and could face fines under the new GDPR rules. John Thys / AFP / Getty Images