When it comes to privacy and data protection, the major highlight of the last semester was the publication, by the Brazilian National Data Protection Authority (ANPD) on 27 February 2023, of the Regulation on the Application of Administrative Sanctions in case of non-compliance with the General Data Protection Law (LGPD – Law 13,709/2018).

According to this regulation, which became effective immediately after its publication, the objective criteria now exist and will enable the Brazilian National Data Protection Authority (ANPD) to initiate penalties for non-compliance with the Law.

The established criteria guide the selection of the most appropriate sanction for each specific case, enable the calculation of the suitable fine when and if applicable, and retroactively affect ongoing administrative proceedings before the authority.

“According to the General Coordinator of Inspection, Fabrício Lopes, the disclosure of the list of inspection processes is the fulfillment of a commitment that ANPD had already made for this first semester, with the purpose of providing transparency to society regarding its activities and communicating that the inspection work has been ongoing since the creation of ANPD, even before the publication of the inspection regulations and dosimetry regulations”.

In this regard, up to now, the authority has already released two lists containing a total of 24 processes involving 15 public institutions, 19 private institutions, and one process with the company name listed as “unidentified,” which refers to the compliance verification of the processing of personal data of 223 million data owners.

It is estimated that soon we will have the disclosure of new processes, as there are several other companies on the radar of the ANPD, and data owners have powerful and easily accessible tools at their disposal to report non-compliance with the law to the authority.