Is your company in compliance with the General Data Protection Law (LGPD) No. 13.709/2018?
Data protection and information security are ensured by the General Data Protection Law. Any leakage of personal information of employees and third parties may result in fines and significant reputational damage for the companies involved.
In Brazil, most companies are not yet fully adapted to the requirements of the General Data Protection Law (Law No. 13.709/2018) or do not adequately monitor data processing after implementing their LGPD policy.
Adopted in many countries around the world, the General Data Protection Law protects sensitive information of employees, clients, and third parties who share their data through digital channels, internal databases, or personal records.
The ANPD (National Data Protection Authority) published on February 27, 2023, a resolution containing the Regulation on Dosimetry and Application of Administrative Sanctions, which will be used for issuing warnings, fines, and other penalties. But what does this mean in practice?
This means that the ANPD is now authorized to apply the monetary fines stipulated in the LGPD to companies that commit violations involving personal data. Furthermore, administrative proceedings are already underway investigating violations committed by companies, which are being conducted internally by qualified professionals.
Making it clear that what changes now is that daily and simple fines will have a calculation schedule set according to each type of violation. Violations committed by a company may result in different penalties, such as warnings, data blocking, and even a daily or simple fine of up to 2% (two percent) of revenue, which will now have the appropriate parameters for their enforcement.
In practice, the ANPD will adopt the following parameters and criteria for the application of penalties. They are:
I - the severity and nature of the violations and the personal rights affected;
II - the good faith of the offender;
III - the advantage obtained or sought by the offender;
IV - the economic condition of the offender;
V - specific recidivism;
VI - general recidivism;
VII - the degree of harm, pursuant to Appendix I of this Regulation;
VIII - the cooperation of the offender;
IX - the repeated and demonstrated adoption of internal mechanisms and procedures capable of minimizing harm, aimed at the safe and adequate processing of data, in accordance with the LGPD;
X - the adoption of a good practices and governance policy;
XI - the prompt adoption of corrective measures; and
XII - the proportionality between the severity of the violation and the intensity of the sanction.
The calculation of fines will follow the formula below:
Fine amount = Base amount x (1 + aggravating factors - mitigating factors)
In this context, Apter, with its team of specialists, can support your company in the following ways:
- Business diagnosis and mapping of processes, systems, policies, and personal data processing activities;
- Preparation, based on the diagnosis, of the policies, workflows, and documents required for compliance with the Law;
- Implementation and management of the processes, policies, and documents required for compliance with the Law;
- Training on the key concepts of the Law, training for those who carry out the activities, and training for the DPO;
- Outsourcing of the Data Protection Officer (DPO) activities; and
- Audit of processes related to personal data in the company, affiliates, service providers, and suppliers.
Does your company have a well-implemented LGPD process and an audit policy for areas that may pose a data leakage risk?
Count on Apter to support you and, should you wish to discuss any specific aspect related to the Law, the new regulation, or any of our solutions, we are at your disposal. Click below to ensure compliance at your company:
Click here and speak with Apter's specialists



