The Brazilian National Data Protection Authority (ANPD) published today (02/27) the rules for the application of sanctions and the methodology for calculating fines for violation of the General Data Protection Law – LGPD (Resolution CD/ANPD No. 04/2023 of 02/24/2023).
The LGPD is in force since 09/18/2020 establishing obligations for the protection of personal data and sanctions that can be applied by the ANPD, in case of violations of the law, after administrative proceedings with the due process of law.
Although the Authority is already established and active, listening to the population in Public Hearings, and receiving complaints from data subjects and reports in cases of Security Incidents, it was needed more detail on how the penalties provided for by the LGPD, in particular fines, would be applied.
With the publication of the current Resolution, from now on organizations can begin to suffer penalties for events that occurred since 09/18/2020, the term LGPD got into force.
Our Technology and Data Protection Team prepared an infographic with the main information on this matter in Portuguese, English and Spanish, so you can share it globally with the areas it may concern.