Portugal
another person subject to a duty of confidentiality, and appropriate information security measures must be guaranteed. Furthermore, access to such data shall be exclusively electronic, unless technically impossible or expressly stated otherwise by the data subject, and its subsequent disclosure or transmission shall be prohibited. 3.1.4 Other key definitions pertaining to data and its processing Under the GDPR (Article 4) there are several basic definitions relating to data and its processing, of which we would highlight: Data subject: the natural person to whom the personal data relates; Data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; Data processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller; Data processing: any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure or destruction; www.mgra.pt
Consent: Statement or clear affirmative action freely expressed by the data subject, agreeing to the processing of their own personal data; Personal data breach: breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. These definitions are essential for understanding obligations and responsibilities in this field and, in turn, ensuring that the processing of personal data is carried out ethically and compliantly. 3.2 Statutory exemptions Data protection laws often provide for exemptions or exceptions to the application of protective measures when processing personal data, in certain circumstances. For example, certain legal obligations may require the processing of personal data disregarding the consent of the data subject (i.e., to meet tax obligations, conduct criminal investigations or comply with court orders). In addition, data protection legislation may provide exemptions for the processing of personal data for journalistic, artistic, scientific or cultural purposes, provided that it is carried out in accordance with ethical principles and fundamental rights.
Made with FlippingBook - PDF hosting