The Republic of Ireland's Data Protection Commission (DPC) has fined Facebook parent company Meta \u20ac17 million (US$18.6 million) for violating multiple articles of the GDPR (General Data Protection Regulation) related to a series of 12 data breach notifications that occurred in the latter half of 2018.The GDPR is an EU regulation that sets comparatively strict standards for the management, processing and protection of user data that went into effect in May 2018. Specifically, the DPC stated, the company failed to institute measures that would allow it to demonstrate compliance with GDPR regulations, under Articles 5(2) and 24(1)."The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users' data, in the context of the twelve personal data breaches," the DPC said.The practices under examination by the DPC involved cross-border processing of personal data, and so according to GDPR rules, all of the other European supervisory authorities were consulted, the DPC added.The GDPR applies to almost all companies that handle the personal data of European residents, or have a physical presence in an EU country. Information explicitly covered by the GDPR includes names and addresses, health data, web identifiers like cookies, racial data, sexual orientation and political opinions. Critically, it also applies to third-party vendors providing services to companies subject to the law \u2014 meaning they have to be GDPR-compliant, as well, in order to avoid fines for the company directly subject to the law.GDPR fines are determined by a multifactor legal test, which takes into account the gravity and nature of the infraction, whether it was intentional or negligent, what category of data was affected and more. Specific guidelines are provided for offenses under certain chapters of the GDPR, which are capped at either \u20ac10 million or 2% of a company's worldwide income from the previous year, whichever is higher, for lesser infractions, or \u20ac20 million or 4% of last year's income for more serious violations.The \u20ac17m fine levied against Meta is the 11th\u00a0largest ever handed out for violating the GDPR, according to list maintained by email security vendor Tessian. While the fine pales in comparison to the largest ever handed out \u2014 that distinction belongs to a \u20ac746 million levy against Amazon in 2021, for violating cookie handling policies \u2014 the Meta family of companies has previously earned larger fines than the one announced today, including a \u20ac255 million penalty for insufficiently well-defined privacy policies at WhatsApp issued by Ireland in 2021, and \u20ac60 million in June 2021 from French authorities for failing to obtain proper cookie consent from Facebook users.