More than a year after the Data Protection Regulation came into force, the national law came into force on 9 August, with fines of up to € 20 million and prison sentences. From that day, and by the end of this month, the National Data Protection Commission (CNPD) has received requests for fines for non-compliance with the new data protection law of 22 public entities, something that the law has even made possible. August 2022.
The requests prompted a decision of the CNPD, dated September 3, signed by the chairman of the Commission. In the document, Filipa Calvão clarifies that the waiver can only be assessed during the hearing period, and when applied a misdemeanor, when public companies can for example argue that they have no money to pay the fine, and the commission, after evaluating the damage caused to the natural person, makes a decision on such waiver.
The president of the CNPD also explains that the Commission does not consider in advance the waiver of penalties not yet applied, and can only be requested by public entities and decided “after the notification of the accusation of the practice of an offense and in the context of a concrete proceeding. contraordenacional ”.
Therefore, the Commission states that all waiver applications submitted outside the above requirements “do not justify the opening of decision-making”. According to the CNPD, the reason is that the circumstances that “allow the exercise of that right” are not yet verified. [de dispensa] legally assigned ”.