Argentina: Implemented Resolution 240/2022 establishing "serious" and "very serious" offences under Personal Data Protection Act

On 5 December 2022, the resolution (240/2022) establishing the "serious" and "very serious" offences under Personal Data Protection Act entered into force following its publication in the Official Journal of Argentina. The resolution specifies that the failure to register with the National Registry of Databases before processing personal data will be considered a "serious" offence. The "serious" offences include processing data for purposes that were not declared, whereas a "very serious" offence could include collecting and processing sensitive data without anonymisation. Furthermore, the resolution outlines the penalties for the offences based on their gravity. The "minor " offences will be fined ARS 1'000.00 to 80'000 following two warnings or a fine, and for "serious offences", entities will face a fine amounting between ARS 80'001 to 90'000. The "very serious" offences will face ARS 90'001 to 100'000, or a prohibition from processing data for a year.