The PDP Law introduces penalties for legal entities and responsible persons in legal entities in case of acting contrary to the provisions of the PDP Law.
It imposes monetary fines for the violations of the legal entity in the range between RSD 50,000 and RSD 2m (EUR 450 to 16,000) and for the responsible person in legal entity in the range between RSD 5,000 and RSD 150,000 (EUR 40 to EUR 1,200).
The legal entity may also have to pay a fine of up to 10% of an undertaking’s income realised in Serbia in the previous year, in case of not applying or infringing the data protection authority’s order of limitation on processing or suspension of data flows.
The Serbian Criminal Act prescribes the unauthorised collection of the personal data as a felony. Therefore, it cannot be excluded that natural person who acts contrary to the provisions of the PDP Law, would be subject to potential criminal liability.
- Reputational risk;
- Reimbursement of potential damages (material and non-material)
APD under the current law has administrative supervision and enforcement powers.
According to Angolan Law, APD has the power to impose fines regarding Administrative Sanctions, as follows:
1. Law no. 22/11, of 17 June
Violation of specific requirements for the processing of personal data, non-compliance with the obligation of notifying APD and non-compliance with the APD provisions to cease access to open data transmission networks to data controllers who do not comply with the law from USD 75,000 up to USD 150,000
Violation of specific requirements for the processing of personal data, the violation of data processing principles and data processing without consent from data subjects from USD 65,000 up to USD 130,000.
Note: The attempt of any of the above-mentioned misdemeanour actions or omissions is punishable.
2. Law no. 23/11, of 20 June
Violation of security provisions, violation of confidentiality and violation of traffic data from USD 30,000 up to 150,000.
3. Law no. 7/17, of 16 February
Non-compliance with the provisions of this law, or the violation of any of the requirements in the scope of data protection and security in the networks and information systems leads to the application of fines set at the amount from AOA 7m up to AOA 200m.
1. Law no. 22/11, of 17 June
Non-compliance with data protection obligations
Prison sentence of three months up to 18 months, or a corresponding fine.
Unauthorised access Tampering or destruction of personal data
Prison sentence from six months to two years.
Prison sentence up to three years.
Breach of confidentiality duty
Prison sentence up to 18 months or a corresponding fine.
Note: The attempt of any of the above-mentioned crimes is punishable with prison sentence up to six months, or a corresponding fine.
2. Law no. 38/20, of 11 November (Angolan Criminal Code)
Whoever, with intent to mislead or harm, inputs, alters, deletes or suppresses data in an information system or, in general, interferes with the processing of such data in such a way as to produce false data that may be considered true and used as evidence, shall be punished prison sentence up to two years or the application of a fine up to 240 days.
Information Technology Data Damage
Whoever, with intent to cause damage to a third party or to obtain benefit for himself or for a third party, alters, deteriorates, renders useless, deletes, suppresses or destroys, in whole or in part, or in any way renders other people's data inaccessible, shall be punished prison sentence from one year up to 12 years or the application of a fine up to 360 days.
Illegitimate reproduction of computer program, databases and topography of semiconductor products
Prison sentence from two years up to three years or the application of a fine from 240 days up to 360 days.
Note: The attempt of any of the above-mentioned crimes is punishable.