What are the potential penalties / remedies for non-compliance with the key data privacy and cybersecurity laws in the jurisdiction?
Last review date: 31 December 2023
There are:
☒ administrative remedies /civil penalties applied by regulators and law enforcement
- Monetary penalties as high as USD 1.9 million and USD 3.9 million when Sensitive Personal Data is involved
- Administrative warnings
☒ criminal penalties from regulators and law enforcement
The act of compromising the security of a database containing personal data with the intention to profit is a criminal offence which can be punished with up to 3 years of imprisonment and up to 6 years when sensitive personal data are involved. Furthermore, obtaining and processing personal data through deceit and with the intention to profit is also considered a criminal offence punishable with up to five years of imprisonment, and up to 10 years when sensitive personal data are involved.
☒ private remedies
- Civil lawsuit for damages
- Class actions (Consumer Protection Framework)
☐ other