The U.S. tech giant's European subsidiary is based in Ireland, and the social network chose the country's DPC as its "one-stop shop" regulator for data privacy matters in the EU. The Irish DPC will therefore eventually decide the punishment, if any, that Facebook will face under the EU's strict General Data Protection Regulation (GDPR), which was introduced in May.
Under the regulation, companies that suffer a data breach must report it to the authorities within 72 hours of it being discovered, something Facebook appears to have done. But another part of the law, more worrying for Facebook, is the financial punishment that could follow.
Firms can be hit with fines if they are found to have not done enough to prevent a data breach or to have gone against any of the principles around the processing of information laid out in GDPR legislation. The maximum fine Facebook could face is 4 percent of annual global turnover, if it is found to have breached GDPR. Since the social network made over $40.65 billion last year in revenue, that total fine could amount to around $1.63 billion.
This is what the Irish DPC's investigation will seek to establish. The Facebook data breach is the first real test for GDPR and is believed to be the biggest hack in Facebook's history.
A Facebook spokesperson was not immediately available for comment but the Irish DPC said the company had said that its "internal investigation is continuing and that the company continues to take remedial actions to mitigate the potential risk to users."
The breach comes at a bad time for the social networking giant which has had a torrid year dealing with the fallout over various issues including the Cambridge Analytica data scandal and scrutiny over its role in elections.