Twitter fined half a million dollars for late data breach reporting Better late than never? Not under GDPR. Image: Jakub Porzycki / NurPhoto via Getty Images Twitter has been issued a big fine for late reporting of a data breach under GDPR rules. Irelandâs Data Protection Commission slapped a fine of â¬450,000 ($547,000) on the social media company for failing to report an issue â which saw protected tweets become unprotected for some Android users â within the legally required timeframe per Europe's General Data Protection Regulation. The DPC made its final decision on Tuesday after an investigation that commenced in Jan. 2019. Following a data breach in the 2018 holiday period, Twitter did notify the DPC, but the commission found that the company had reported it outside the 72-hour statutory notice period required under GDPR, and in doing so, "infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach."