The Argentinian data protection authority ('AAIP') issued, on 1 December 2022, Resolution 240/2022 amending Provision No. 9 of 19 February 2015 on the National Directorate for the Protection of Personal Data and No. 13 of 10 March 2015. In particular, the AAIP highlighted that the Resolution establishes the classification of offences under the Personal Data Protection Act, Act No. 25.326 of 2000 ('the Act') respectively as minor, serious, and very serious, alongside the graduation of sanctions.

More specifically, the Resolution establishes that minor offences include, among other: 

• processing of personal data without registering with the National Registry of Databases ('the National Registry')
• failuring to report changes, updates, or cancellations in a timely manner to the National Registry; and
• failing to provide the information requested by the National Directorate for Personal Data Protection in due time and correct form.

On the other hand, the Resolution classifies serious offences to include, among others:

• declaring false data when registering with the National Registry;
• processing personal data without an adequate legal basis;
• collecting personal data without providing their holders with the right to information required under the Act;
• failing to process personal data for the stated purposes; and
• maintaining data for longer than the legally established registration.

Finally, the Resolution outlines that very serious offences include, among others:

• failing to report the identifying data of the responsible person for processing of personal data, in the privacy policy;
• maintaining inaccurate personal data or failing to make rectifications, updates, or deletions;
• transfering personal data to countries without adequate levels of personal information protection; and
• collecting and processing sensitive data without due anonymisation.

You can read the announcement here and the Resolution here, both only available in Spanish.