Fines in LGPD - What are they, amounts, and compliance deadlines

8 months ago
João Bruno Soares
7 minutes

In July 2019, the largest fine in the history of the European Union's General Data Protection Regulation (GDPR) was issued: 183 million euros. The fined company was British Airways, the English airline. The reason for the fine was a security breach that resulted in the personal data of over 500,000 customers being leaked.

Although the LGPD (Brazil's General Data Protection Law) has been in effect for some time now, the subject still generates many questions among Brazilians. What fines are specified in the LGPD? What is the maximum fine a company can receive? What is the deadline for a website to comply and avoid fines?

In this article, we will answer all your questions regarding fines under the LGPD (Brazil's General Data Protection Law).

## What fines have been imposed under the GDPR?

In the European Union, companies can be fined up to 20 million euros or 4% of their annual revenue, whichever is higher. As we saw, British Airways incurred a loss of 183 million euros due to mishandling of data.

In Germany, a police officer was fined 1,500 dollars for using a citizen's license plate to find his phone number for personal purposes. This shows that it is not only large companies that draw attention with their mistakes and get penalized.

But what about our LGPD? Will the fines be the same under Brazil's General Data Protection Law, which is inspired by the European regulation?

## What cases under the LGPD are subject to fines?

The LGPD must be fully complied with, not in parts. British Airways was fined a record amount for an unintentional slip.

Therefore, it is extremely important that you read everything about the LGPD and make the necessary adjustments as quickly as possible. Every company must have a Data Protection Officer, and it is recommended to use a CMP, which makes the work much easier.

More significant slip-ups will result in higher fines, while minor slip-ups will obviously be penalized differently. The law states that the following factors will be taken into account:

• The severity and nature of the violations and the affected personal rights;
• The good faith of the infringer;
• The advantage gained or intended by the infringer;
• The economic condition of the infringer;
• The recurrence;
• The degree of harm;
• The cooperation of the infringer;
• The adoption of good practices and governance policies;
• The prompt adoption of corrective measures; and
• The proportionality between the gravity of the offense and the intensity of the sanction.

The complete administrative sanctions are specified in Article 52 of the law, which can be consulted here.

## What are the fines and penalties under the LGPD?

The LGPD provides for six penalties or fines. They are as follows:

  1. Warning: This warning comes with a deadline for the company to comply with the law. If the company fails to make the necessary corrections within the specified timeframe, penalties will be imposed.

  2. Simple fine based on revenue: This fine can be up to 2% of the legal entity's revenue. The maximum limit is 50 million Brazilian reais per violation.

  3. Daily fine: This fine is also limited to 50 million Brazilian reais.

  4. Public disclosure of the violation: The violation becomes public, and the damage to the company's reputation can be significant.

  5. Blocking of personal data: This administrative sanction prevents companies from using the collected personal data until the situation is regularized.

  6. Deletion of personal data: The sixth penalty provided by the LGPD requires the company to completely delete the data collected in its services, causing harm to the company's operations.

The maximum limit for fines under the LGPD is 50 million Brazilian reais. However, some of the penalties can be even more severe, depending on the company. For example, publicly acknowledging the leakage of personal data from thousands of customers can undermine even solid companies, completely eroding the credibility of a brand.

But do these fines also apply to smaller businesses with minimal data processing operations? Or only to large companies like British Airways and Google?

## Can anyone be fined?

The law refers to "data controllers." Any website or company that collects data automatically becomes a data controller.

However, there are exceptions. They are as follows:

• Natural persons who use data for personal and non-economic purposes;
• Persons who use data for journalistic, artistic, or academic purposes;
• Public security or national defense agents who use data to enforce the law.

In these cases, there is no need for formal consent. Therefore, there is no possibility of a fine since these activities do not violate the law.

However, every business, without exception, will be subject to fines once the law comes into effect. But until then, you have a task:

## What is the deadline for compliance?

The deadline has already passed! The law came into effect in Brazil on August 16, 2020.

If your company is not yet compliant, we recommend that you start as soon as possible and gather as much information as possible about the law to avoid fines and penalties.

To better understand the regulations, read the article Everything about the LGPD!

