f) continues to allow access to open data transmission networks to controllers
who fail to comply with the provisions of this Act after notification by the
CNPD not to do so.
2. The penalty shall be increased to double the maximum in the case of the
personal data referred to in Article 8 and 9.
Article 41
(Undue access)
1. Any person who without due authorisation gains access by any means to
personal data prohibited to him shall be liable to up tone year imprisonment or a
fine of up to 120 days.
2. The penalty shall be increased to double the maximum when access:
a) is achieved by means of violating technical security rules;
b) allows the agent or third parties to obtain knowledge of the personal data;
c) provides the agent or third parties with a benefit or material advantage.
3. In the case of 1 criminal proceedings are dependent upon a complaint.
Article 42
(Invalidation or destruction of personal data)
1. Any person who without the authorisation erases, destroys, damages, deletes, or
changes personal data, making them unusable or affecting their capacity for use,
shall be liable to up to two years imprisonment or a fine of up to 240 days.
2. The penalty shall be increased to double the maximum if the damage caused is
particularly serious.
3. If the agents acts with negligence the penalty in both cases shall be up to one
year imprisonment or a fine of up to 120 days.
Article 43
(Qualified non-compliance)
1. Any person who after being notified to do so does not interrupt, cease or block the
processing of personal data shall be subject to a penalty corresponding to the
crime of qualified non-compliance.
2. The same penalty shall apply to any person who after being notified:
a) without just cause refuses to provide the collaboration specifically required of
him by the CNPD according to the law;
b) does not erase or totally or partially destroy the personal data;
c) does not destroy the personal after the period for keeping them provided for in
Article 6 has elapsed.
Article 44
(Violation of the duty of secrecy)
1. Any person bound by professional secrecy according to the law who without just
cause and without due consent reveals or discloses personal data, totally or in
part, shall be liable to imprisonment from six months to up to three years or a