On March 18, 2025, at the Hotel Laghetto Stilo Higienópolis, Thomas Dulac Müller, a lawyer and expert in corporate restructuring, participated in the panel "Third-Party Liability in Bankruptcy", sharing his expertise alongside top industry specialists. The discussion provided strategic insights into the legal implications of bankruptcy for third parties involved in insolvency proceedings. […]
CPDMA BLOG
Category: Articles
Date: 14 de December de 2023
Posted by: CPDMA Team
The first sanctions applied by the National Agency for the Protection of Personal Data (ANPD) were a wake-up call for companies: the LGPD is a serious law and must be complied with.
The General Personal Data Protection Law - Law no. 13.709/18 (LGPD) was published in 2018 and came into force in 2020. This deadline was given to public and private legal entities (processing agents) that collect, store or process personal data of individuals, in Brazil or abroad, to comply with the new regulations.
Initially, sanctions and administrative fines were imposed by consumer protection agencies (PROCON), the Public Prosecutor's Office, as well as labor and civil lawsuits, until the National Data Protection Authority (ANPD) began its inspection activities in 2021.
At first, the ANPD worked to raise awareness and educate data processors about the importance of applying good practices in the processing of personal data, in the pursuit of the fundamental right to informational self-determination (EC No. 115/22).
The personal data protection system was put into effect when the first administrative sanctions were applied by the regulatory agency.
The first company fined is a provider of telephony services, such as telemarketing and self-service via the messaging service WhatsApp. Because it is a micro-enterprise, the amount for each infraction was limited to 2% of its gross revenue, totaling R$7,200.00 per infraction.
The company was fined for failing to appoint the person responsible for processing personal data, as required by art. 41 of the LGPD, and for processing personal data without a legal basis: the company processed voters' personal data for the purposes of an election campaign, without the express consent of the data subjects, as required by art. 7, II, of the LGPD.
The Santa Catarina State Health Department (SES-SC) was the second public company to receive sanctions from the ANPD. Four warning sanctions were imposed for leaking personal data.
SES-SC infringed art. 49 of the General Personal Data Protection Act (LGPD) by neglecting the security of systems for storing and processing personal data, and by the lack of clarity, inadequacy and timeliness of the notice to data subjects, which was considered an infringement of art. 48 of the LGPD. In addition, the agency failed to submit the Personal Data Protection Impact Report (RIPD) requested by the Authority.
It should be noted that the sanctions imposed on companies are attributed to the lack of proper documents and procedures.
Thus, contractual compliance and the creation of standardized documents, without the implementation of effective practices, are not enough to guarantee compliance with the law and avoid sanctions.
The application of sanctions by the ANPD is an important instrument for the protection of personal data in Brazil. Companies must be vigilant in complying with the legislation to avoid the risk of administrative sanctions.
Civil Law | CPDMA Team
Recent posts
Thomas Dulac Müller discusses third-party liability in bankruptcy at TMA Brasil event in Porto Alegre
Read more
State Government launches Refaz Reconstruction: public notice for negotiation of ICMS debts
Read more
The Refaz Reconstruction (Decree 58.067/2025) will allow the regularization of debts with the State Revenue Service and the State Attorney General's Office (PGE) for companies owing ICMS, with a reduction of up to 95% in interest and fines. The initiative aims to reduce an ICMS debt stock of R$ 55.2 billion in the state. Currently, about 72% of this amount is in the judicial collection phase, […]
PGFN Launches Public Notice No. 4/2025 for the 2nd National Tax Regularization Week
Read more
The Office of the Attorney General of the National Treasury (PGFN) has published Public Notice No. 4/2025 for the execution of transactions during the 2nd National Tax Regularization Week, aiming to provide beneficial conditions for the regularization of debts registered in the Union’s active debt, with amounts equal to or lower than R$ 45 million. The public notice will be available from March 17 to March 21, and applications must be made exclusively through the REGULARIZE website.
Atualização da NR-1: sua empresa está preparada?
Read more
Atualização da NR-1 do MTE - muito além de uma obrigação: boas práticas de gestão de riscos ocupacionais demonstram boa-fé para com os stakeholders[1] vinculados à empresa e permitem que esta se destaque no mercado competitivo por sua governança em conformidade com os preceitos normativos. A Norma Regulamentadora nº 1 (NR) é uma norma do Ministério do […]
Assessment of Entitlements in Partial Dissolution of a Company: Legal and Practical Aspects
Read more
The dissolution of a company is a highly relevant topic in Corporate Law. Whether total or partial, the withdrawal, exclusion, or death of a partner can generate conflicts among those involved, especially regarding the assessment of entitlements to be paid to the withdrawing or excluded partner or their successors. The Civil Code provides general guidelines […]
The Full Bench of the Superior Labor Court (TST) established 21 binding theses on Monday (02/24), consolidating itself as a Court of Precedents.
Read more
Como forma de pacificação da jurisprudência consolidada junto aos Colegiados do TST, as teses firmadas deverão ser observadas pelos Tribunais Regionais do Trabalho. Nesta toada, a Resolução 224/2024 acrescentou dispositivos na IN 40/2016 do TST, prevendo o cabimento de Agravo Interno contra decisões dos Tribunais Regionais do Trabalho que negarem seguimento a Recurso de Revista nos casos em que o […]
English 
Português do Brasil 
Español