Portugal
legislation, ensuring the execution of the GDPR in the Portuguese legal system. The GDPR establishes the framework and rules of the European Union law on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. It should be noted that the GDPR became applicable from 25 May 2018, it is binding in its entirety and directly applicable in all Member States (including Portugal), under the terms of Article 288 of the Treaty on the Functioning of the European Union, and Article 99/2 of the GDPR. In other words, the GDPR embodies the European Union effort to strengthen and unify data protection ruling across all the EU Member States. Other relevant laws in Portugal, besides the PDPL, are listed below: Law no. 59/2019, of 8 August 2019, regarding personal data for the prevention, detection, investigation or prosecution of criminal offences; Law no. 41/2004, of 18 August 2004 (as amended), regarding personal data protection and privacy in telecommunications; Law no. 43/2004, of 18 August 2004 (as amended), regarding the organization and operation of the National Data Protection Commission (“CNPD”). 2..2. Additional or ancillary regulation, directives or norms There are additional relevant regulations, directives, and standards to the GDPR and the
aforementioned
Portuguese
legislation. The CNPD (independent and public supervisory authority set up in Portugal under Article 51 of the GDPR) is responsible for monitoring the application of the GDPR to defend the fundamental rights and freedoms of natural persons regarding the processing and the free movement of such data within the European Union. As part of its remit, the CNPD has drawn up regulations and directives, of which we would highlight: Regulation no. 798/2018, of 14 November 2018 (Regulation no. 1/2018 CNPD), approved under Articles 35(4) and 57(1)(k) of the GDPR, on the list of processing operations of personal data subject to a Data Protection Impact Assessment (DPIA); Regulation no. 834/2021, of 14 April 2021, approved under Articles 43(1)(b), 43(3) and 57(1)(p) of the GDPR, on additional accreditation requirements for certification bodies in relation to ISO/IEC 17065/2012; Directive no. 2022/1, of 25 January 2022, on electronic direct marketing communications; Directive no. 2023/1, of 10 January 2023, on organisational and security measures applicable to the processing of personal data.
www.mgra.pt
Made with FlippingBook - PDF hosting