Section II
Infringements and penalties
Subsection
Offences
Article 32
(Subsidiary legislation)
The offences provided for in this subsection subsidiarily applicable to the system of
offences with constant adaptations of the following/subsequent articles.
Article 33
(Omission or inadequate compliance with obligations)
1. Entities which negligently fail to comply with the obligation to notify the CNPD
of the processing of personal data referred to in in paragraphs 1 and 5 of Article
23, provide false information or comply with the obligation to notify with
observing the terms provided in Article 25, or after being notified by the CNPD,
continue to allow access to open data transmission networks to controllers who
fail to comply with the provisions of the Law are committing an offence
punishable with the following fines:
a) In the case a single individual a minimum of CVE 50,000 and a maximum of
CVE 500,000;
b) In the case of a group of people or an entity without legal personality a
minimum of CVE 300,000 and a maximum of CVE 3,000,000.
2. The fine shall be increased to double the maximum in the case of data subject to
prior authorisation according to article 24.
Article 34
(Other offences)
1. Entities which fail to comply with any of the following provisions of this law are
committing an offence punishable with a minimum of CVE 100,000 and a
maximum of CVE 1,000,000:
a) Appointment of a representative according to paragraph 4 of Article 2;
b) Observance of the obligations in Articles 6, 11, 12, 13, 14, 16, 17 and
paragraph 3 of Article 27.
2. The fine shall be increased to double the maximum in the case of failure to
comply with Articles 7, 8, 9, 10, 19 and 20.
Article 35
(Concurrent offences)
1. If the same fact is simultaneously a crime and an offence the agent shall always
be punishable by virtue of the crime.
2. The penalties applied to concurrent offences shall always be materially
accumulated.

Select target paragraph3