The Regulation on Dosimetry and Application of Administrative Penalties by the National Data Protection Authority was published on February 27, 2023. The Regulation sets the criteria and parameters for monetary and non-monetary sanctions for violations of the Brazilian General Data Protection Law (“LGPD”), establishes the forms and measurements for the calculation of the base amount of fines, and amends ANPD Resolution N. 1, which provides the rules for the Authority’s inspection and sanctioning process.

The Dosimetry Standard regulates articles 52 and 53 of the LGPD, which address administrative sanctions and defines the criteria and parameters adopted for monetary and non- monetary sanctions, as well as the forms and dosimetry for calculating the base amount of fines.

Moreover, the regulation amends articles 32, 55 and 62 of Resolution N. 1/ANPD, streamlining the administrative sanctioning and inspection process.

With the new Standard, ANPD is now able to apply administrative sanctions based on the established requirements, as the Regulation comes into force immediately after its publication.

On March 28, 2023, after the consolidation of the Dosimetry Standard, the ANPD published a list of the Administrative Sanctioning Procedures initiated by the General Inspection Coordination (“CGF”). The procedures in question have not yet been concluded and their information is limited to the name of the public agency or private company, the conduct under investigation, the sector in which the inspected entity operates, the stage the procedure is at, and the number of the procedure opened at the ANPD.

According to the information in the Agency’s website, the details about the outcome of the procedures and possible sanctions applied will only be disclosed after the conclusion of the investigation. For the disclosure of such information, the CGF and the Communication Department will create a page on the ANP’s web site.

So far, information has been released on 8 (eight) Administrative Sanctioning Procedures, 7 (seven) of which refer to the public sector and 1(one) to the private sector. With this, it is evident that the National Data Protection Authority is already in effective activity.

For more information, please contact us.