The LGPD administrative sanctions came into force. What's next?
On August 1st, 2021, the administrative sanctions provided by Article 52 of the General Data Protection Act ("LGPD") entered into force. This means that the National Data Protection Authority ("ANPD") can now impose administrative fines and penalties provided for in the legislation. They are:
- Warning, along with a deadline for adopting corrective measures;
- Simple fine, up to 2% of the legal entity's revenue, limited to R$ 50,000,000.00 (fifty million reais) per infringement;
- Daily fine, subject to the same limit above;
- Disclosure of the infraction once it has been duly ascertained and confirmed;
- Blocking of the personal information to which the infraction refers until its regularization;
- Deletion of the personal information to which the infraction refers;
- Partial shut down of the database to which the infraction refers for a maximum period of 6 months, extendable for an equal period, until regularization of the processing activity by the controller;
- Suspension of processing of personal information to which the infraction refers to for a period of 6 months, extendable for an equal period;
- Partial or total prohibition of the exercise of activities related to data processing.
It is important to note that the administrative sanctions will be applied following an administrative procedure that allows for a full defense, in accordance with the peculiarities of the specific case and taking into consideration parameters and criteria such as:
- The severity and nature of the infractions and personal rights affected;
- The good faith of the offender;
- The advantage obtained or intended by the offender;
- The economic conditions of the offender;
- The extent of damage.
Controllers and processors shall act in a preventive manner to mitigate risks and avoid the imposing of sanctions. This can be done by means of effectuating an appropriate LGPD compliance program.
Our team is closely monitoring all developments related to LGPD and assisting clients in compliance projects. For more information on this subject, please e-mail firstname.lastname@example.org.