A National Data Protection Authority (ANPD) announced yesterday the application of the first sanction for violation of the Brazilian General Data Protection Law (LGPD) - at General Law of Data Protection. According to the agency's inspection general coordination, the company Telekall Infoservice committed infractions in three articles of the LGPD, leading to the application of a warning and two fines, totaling the amount of BRL 14.400. See more details below. i356c
Company did not comply with LGPD requirements 6y5420
Telekall Infoservice was investigated by the National Data Protection Authority in a lawsuit filed in March last year. According to prior information released by the ANPD, the investigation took place due to several irregularities, including the lack of a legal basis for the processing of personal data, the absence of a record of operations, the failure to send an impact report, the absence of a person in charge personal data (DPO) and failure to comply with authority requests.
The fine imposed on the company for violating the LGPD was applied after an inspection by the ANPD, which identified non-compliance with three articles of the law:
- Article 5: Definitions
- Article 7: Hypotheses for carrying out processing of Personal data
- Article 41: DPO or Person in Charge of Personal Data
Failure to comply with article 41, in which the company failed to appoint a Data Protection Officer and a data protection officer, resulted in a warning. Non-compliance with articles 5 and 7, in which the legal basis for processing data in the company was not proven, resulted in a fine of R$7.200 for each article, totaling R$14.400.
The company has 20 working days to pay the fine, and may appeal the decision. If there is no appeal, the amount may be reduced to R$ 10,8 thousand. In case of non-payment, the istrative process will be forwarded to the Specialized Federal Prosecutor's Office of the ANPD for the execution of the fine, which may result in the company's inclusion in the Union's overdue debt and in the Informative of Unpaid Credits of the Federal Public Sector (Cadin). This sanction marks an important milestone in the effective application of the LGPD, almost three years after its entry into force.
It is important to note that the amounts of the fine imposed on Telekall are istrative sanctions provided for in the LGPD, and it is not a fine of up to 2% on billing, also provided for in the law.
Telekall was one of the companies included in the first group of investigators released by the National Data Protection Authority in March. In this list, the company was the only representative of the private sector, while the other names were public bodies, such as the Ministry of Health, the Federal District Department of Education and the State Department of Health of Santa Catarina, among others.
What is the General Data Protection Law (LGPD)? y211b
A General Law on Data Protection (LGPD) is a Brazilian legislation that establishes guidelines and rules for the processing of personal data by companies and organizations. Approved in August 2018 and in force since September 2020, the LGPD was inspired by the General Data Protection Regulation (GDPR) of the European Union and aims to protect the privacy and rights of citizens in relation to their personal data.
The LGPD establishes principles and guidelines for the collection, storage, processing and sharing of personal data, as well as defining the rights of data subjects, such as the right of access, rectification, deletion and portability of their data. The law also imposes obligations on companies and organizations that handle personal data, such as obtaining proper consent, taking security measures to protect data and reporting security incidents.
In addition, the LGPD created the National Data Protection Authority (ANPD), responsible for monitoring and applying sanctions in the event of non-compliance with the law. The legislation seeks to promote a data protection culture in the country, encouraging companies to adopt good privacy and security practices in the treatment of personal information.
In an increasingly privacy-conscious market, companies that demonstrate a commitment to protecting personal data can attract more customers and business partners. The culture of privacy and data protection can be a decisive factor in consumers choosing between competing companies.
Compliance with the LGPD contributes to the protection of the company's reputation. Consumers are increasingly concerned about the privacy of their data and tend to prefer companies that demonstrate care and transparency regarding the handling of this information. By adopting a culture of data protection, the company builds trust with its customers, business partners and the general public.
In addition to the legal and commercial aspects, the inclusion of the General Data Protection Law (LGPD) in the company's culture is a matter of social responsibility. By treating personal data with respect and care, the company is contributing to building a more privacy-conscious and ethical society. This reflects positively on the organization's corporate image and social impact.
In summary, incorporating the General Data Protection Law (LGPD) into the organizational culture is essential for legal compliance, reputation protection, adoption of best security practices, competitive advantage and social responsibility. By making data protection a priority at all levels of the company, it is preparing for a future where data privacy and security are increasingly valued and respected.
Sources: G1, Legal Adviser
SEE MORE:
What you need to know about GDPR
Internet shopping: learn about consumer rights and tips to stay safe
reviewed by Glaucon Vital in 7 / 7 / 23.
