WASHINGTON/ BRUSSELS-Facebook said Monday it has suspended “around 200” apps on its platform as part of an investigation into misuse of private user data. The investigation was launched after revelations that political consulting firm Cambridge Analytica hijacked data on some 87 million Facebook users as it worked on Donald Trump’s 2016 campaign.

“The investigation process is in full swing,” said an online statement from Facebook product partnerships vice president Ime Archibong.

“We have large teams of internal and external experts working hard to investigate these apps as quickly as possible. To date thousands of apps have been investigated and around 200 have been suspended - pending a thorough investigation into whether they did in fact misuse any data.” Archibong added that “where we find evidence that these or other apps did misuse data, we will ban them and notify people via this website.”

The revelations over Cambridge Analytica have prompted investigations on both sides of the Atlantic and led Facebook to tighten its policies on how personal data is shared and accessed. Facebook made a policy change in 2014 limiting access to user data but noted that some applications still had data it had obtained prior to the revision. “There is a lot more work to be done to find all the apps that may have misused people’s Facebook data - and it will take time,” Archibong said.

New European Union data protection laws take effect on May 25 to protect users’ online information, in what Brussels touts as a global benchmark after the Facebook scandal.

The laws will cover large tech companies like Google, Twitter and Facebook that use personal data as an advertising goldmine, as well as firms like banks and also public bodies.

One major change is that consumers must explicitly grant permission for their data to be used, while they can also specifically ask for their personal information to be deleted.

Firms face huge fines of up to 20 million euros ($24 million) or four percent of annual global turnover for failing to comply with the EU’s General Data Protection Regulation (GDPR). “It’s your data - take control,” the European Commission, the EU’s executive arm, urges the bloc’s 500 million citizens in guidelines for the new rules.

The case for the new rules has been boosted by the recent scandal over the harvesting of Facebook users’ data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.

Facebook chief Mark Zuckerberg told US lawmakers last month the firm plans to fall into line with the EU rules as it seeks to rebuild its reputation after the breach, which affected 87 million users.

The scandal has proved a godsend for the EU.

EU Justice Commissioner Vera Jourova told AFP in an interview that the incident fueled “a campaign” for the new European law in a way that she could never have done.

She said the EU was setting a global benchmark for data protection as many Americans who once criticised Europe as too set on regulation now see the need for the GDPR.

The Facebook scandal showed “that we really are living in the kind of jungle where we are losing ourselves,” the Czech commissioner added.

But not everything has run smoothly.

At least eight of the 28 EU countries will not have updated their laws by May 25.

The lack of preparedness comes despite the fact that the new laws were officially adopted two years ago, with a grace period until now to adapt to the rules.

This “will create some legal uncertainty,” Jourova said, blaming countries for neglect rather than resistance to the law.

Facebook, WhatsApp, Instagram and Twitter have all started in the last few weeks to alter their terms of use, but the situation appears more complicated for small- and medium-sized firms.