Brazil: LGPD – sanction is applied by the ANPD for breach of the general data protection law


published on 31 July 2023 | reading time approx. 1 minute


On 6 July 2023, the General Supervision Coordination of the ANPD (CGF/ANPD) published in the Federal Official Gazette that the first sanctions were applied by the National Data Protection Authority (ANPD) to a microenterprise in the tele­com­muni­cations sector that ignored the administrative process initiated and did not appoint a data protection officer, failing to comply with the legal obligations regarding the General Data Protection Law (LGPD).



For violation of three articles of the law and for being a small business, the amount of each infraction was limited to 2 percent of its gross revenue, according to article 55, II of the LGPD resulting in a warning and a fine of BRL 14,400.00.


According to ANDP, these are the sanctions:

  • Warning for breach of art. 41 of the LGPD
  • A fine of BRL 7,200.00 for breach of art. 7 of the LGPD, and BRL 7,200.00 for breach of art. 5 of the supervisory regulation, totalling BRL 14,400.00


Furthermore, the company did not appoint a data protection officer, and the ANPD verified that the processing of personal data was occurring without legal support.


In particular, the article 41 of the LGPD establishes that the data controller must appoint a Data Protection Officer, keeping his identity and contact information publicly disclosed, in a clear and objective manner, preferably on the company's website.


Failure to appoint a Data Protection Officer (DPO) is a serious breach, as these professional plays a key role in ensuring data privacy and security within an organization.

 From the newsletter


Contact Person Picture

Philipp Klose

Managing Partner South America

+55 11 5094 6060

Send inquiry

Contact Person Picture

Arife Erkan

Head of Corporate Services

Associate Partner

+55 11 5094 6060 1290

Send inquiry

 How we can help

 Read more

Deutschland Weltweit Search Menu