ILN Data Privacy Paper

Portugal

Furthermore, organizations can adopt internationally recognized technical standards and best practices to ensure the security and privacy of data. For example, the ISO/IEC 27001 standard serves as an international benchmark specifying the requirements for an Information Security Management System (ISMS). ISO/IEC 27001 covers measures for the implementation, operation, monitoring, review and continuous improvement of the ISMS. This includes identifying information security risks, implementing appropriate security measures, establishing security policies and procedures, and conducting regular audits and assessments to ensure compliance with the standard's requirements. Certification against ISO/IEC 27001 is internationally recognized and demonstrates an organization's commitment to information security. It enhances trust among customers, partners and stakeholders, while also supporting compliance with legal and regulatory requirements related to the protection of personal data and privacy.

SCOPE OF APPLICATION

3.1 Legislative Scope

3.1.1 Definition of personal data

The GDPR defines personal data as: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (cf. Article 4(1) of the GDPR). The concept of personal data therefore encompasses information such as a person's name, home address, email address, identity card number, biometric data (fingerprints or facial features), location data, genetic data and online identifiers (IP address or cookies). In other words, any information that can be used, either alone or in combination with other information, to identify a natural person is considered personal data and is subject to data protection legislation in Portugal (in particular, and from the outset, to the PDPL).

3.1.2 Definition of different categories of personal data

In Portugal, as in the GDPR, personal data is categorized into different types depending on its sensitivity and nature. Article 9(1) of the GDPR establishes a general prohibition on the processing of special categories of sensitive personal data, namely those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of

www.mgra.pt