11/06/2024
The General Data Protection Law (LGPD), Law No. 13,709/2018, establishes a series of obligations for the processing of personal data and, in case of non-compliance, provides for severe penalties. Here are the main sanctions applicable to companies that infringe the provisions of the LGPD:
- Warning: The warning is one of the lightest sanctions provided by the LGPD. It includes the indication of a deadline for the company to adopt corrective measures in its data processing operations. This is generally the first regulatory response in cases of non-serious violations.
- Simple Fine: Companies can be penalized with fines of up to 2% of the group’s net revenue in Brazil, limited to R$ 50 million per infraction. This penalty can be applied to each violation incident, which can result in significant sums in cases of multiple infractions.
- Daily Fine: In addition to the simple fine, the authority can impose daily fines as a way to compel the company to cease the infringing practice or to adopt corrective measures.
- Blocking of Personal Data Related to the Violation: The LGPD allows the National Data Protection Authority (ANPD) to order the blocking of personal data involved in the violation until the company corrects the irregularities.
- Elimination of Personal Data Related to the Violation: In more serious cases, the ANPD may determine that the company eliminates the personal data related to the violation, directly affecting the company’s ability to operate that specific part of its business.
- Partial Suspension of Database Operations: Partial suspension involves prohibiting the company from processing certain sets of data for a specified period until compliance is achieved.
- Total Suspension of Database Operations: In particularly severe violations, the total suspension of data processing for a certain period can be determined, preventing the company from continuing any activity involving the processing of personal data.
- Partial or Total Prohibition of Activities Related to Data Processing: This is one of the most severe sanctions, whereby the ANPD can prohibit the company from carrying out any personal data processing operation, effectively shutting down those operations that depend solely on data processing.
Thus, companies must implement robust data protection practices to avoid these sanctions. Compliance not only protects the company from financial penalties but also strengthens its reputation and consumer trust.