Brazil Imposes First Fine for LGPD Violation

In a landmark move, Brazil’s National Data Protection Authority (ANPD) has wielded its regulatory power by imposing its first-ever fine for breaching the country’s General Data Protection Law (LGPD). The decision comes almost three years after the law came into effect.

The ANPD found that Telekall Infoservice, a small telecommunications company, committed multiple offenses, including failing to have a valid legal basis for processing personal data, failing to appoint a data protection officer, and failing to comply with the investigation. These infractions led to a dual-fine and a warning.

The fines, amounting to BRL 14,400 (approximately US$3,000), were based on breaches of Articles 7 and 41 of the LGPD as well as Article 5 of Resolution CD/ANPD 1/2021. However, if Telekall opts not to challenge the decision and pays on time, the fine can be reduced by 25%.

The decision highlights the ANPD’s commitment to enforcing the LGPD, regardless of a company’s size. While some may have expected larger corporations to be targeted first, the action underscores that data protection compliance should be a universal concern.

As the ANPD continues its efforts to hold companies accountable, it’s essential for businesses, whether big or small, to prioritize data protection compliance. This decision sends a clear message: the ANPD will enforce the data privacy rules, and non-compliance is not an option.

Companies operating in Brazil or processing Brazilian citizens’ data should take notice. Telekall Infoservice may be the first company to face an enforcement action, but it certainly won’t be the last.