On July 6th, 2023, the Brazilian Data Protection Authority (“Brazilian DPA” or “Authority”) issued its first fine for non-compliance with the Brazilian General Data Protection Law (“LGPD”), in a movement that can be considered a milestone in the repressive action in defense of personal data protection in Brazil.
The controller, an individual microentrepreneur in the telemarketing sector, received two simple fines, in the total amount of R$ 14,400.00, due to lack of legal grounds for data processing and failure to meet the Brazilian DPA’s request, as well as a warning for lack an appointed Data Protection Officer – DPO.
Although it is not possible to fully access the Administrative Proceeding so far – due to the confidentiality imposed by the Authority – it should be noted that this case was included in the List of Sanctioning Processes recently disclosed, with the investigation involving, besides the infractions above, the lack of a Register of Processing Activities – ROPA and the failure to submit a Data Protection Impact Assessment.
Thus, it is expected that the Brazilian DPA continues developing its investigatory and sanctioning activities, with the enforcement of new fines and administrative sanctions due to non-compliance with the LGPD by the processing agents in the near future.
Our team is at your disposal for further clarifications, as well as to provide assistance with the procedures for fulfilling LGPD and/or ANPD regulatory obligations.
Gustavo Flausino Coelho – email@example.com
Fernando Naegele – firstname.lastname@example.org
Larissa Santos Bastos – email@example.com