Explaining Brazil #164: Companies face fines for data protection misdeeds

Data protection watchdog ANPD, the National Data Protection Authority, is now able to punish companies who mishandle customer data. But many questions around regulators still linger

Approved in 2018, Brazil’s General Data Protection Law — known in Brazil as LGPD — came into force in September 2020 — but only since the turn of the month of August 2021 has data protection watchdog ANPD, the National Data Protection Authority, been allowed to punish companies based on the regulations.

Companies found guilty of poor practices can now be fined up to BRL 50 million — which is the same as USD 9.5 million — or 2 percent of the company’s turnover. For each infraction.

Listen and subscribe to our podcast from your mobile device:

Spotify, Apple Podcasts, Google Podcasts, Deezer


  • Marcela Mattiuzzo is a lawyer specialized in antitrust law and data protection at VMCA Advogados, a São Paulo-based law firm — and previously worked as chief of staff to the chairman of Brazil’s antitrust regulator Cade. She holds a master’s degree in law from the University of São Paulo, and was a visiting researcher at Yale Law School.

Background reading:

  • To understand the roles and responsibilities of Brazil’s incoming data privacy council members, we reached out to lawyer Ana Paula Bialer, nominated for a seat on the council by seven organizations.
  • The federal government has changed its norms on releasing information about the use of slave labor within companies. Based on the country’s new Data Protection Law (LGPD), the administration is concealing the so-called “dirty list” of firms which have used slave labor.
  • Days after Brazil’s National Data Protection Authority (ANPD) was granted the authority to issue fines related to the General Data Protection Law (LGPD), the agency announced it is looking for IT and management specialists to set up a department with 10 specializations. 
  • Brazil’s new general data protection law (LGPD) came into force last year, and reporter Natália Scalzaretto analyzed its initial impact in an exclusive report.
  • Are Brazilian NGOs prepared to implement protection of people’s sensitive info? It doesn’t look like it.

Do you have a suggestion for our next Explaining Brazil podcast? Drop us a line at [email protected]

Don’t forget to follow us on Twitter and Facebook.