Portugal
The data subject (Article 4(1) GDPR): the natural person to whom the personal data relates and belongs; both the GDPR (Article 12 and following GDPR) and the PDPL guarantee several rights to the data subjects, aiming to ensure that the data subjects have control over their personal data, and that such data is lawfully processed; The data processor (Articles 4(8) and 28 GDPR): the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; it should be noted that the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject; The Data Protection Officer / “Encarregado de Proteção de Dados” (“DPO” / “EPD”): designated by the controller and/or processor in certain cases (Article 37(1) GDPR), it shall be involved, properly and in a timely manner, in all issues which relate to the protection of personal data (Article 38(1) GDPR). 4.2 Role and responsibilities of key stakeholders The data subject shall decide how its personal data is processed and handled and has several rights, such as the right to confirm whether the data is being processed and, if so, to www.mgra.pt
have access to that data and information. Where applicable, the data subject may also: (i) request that inaccurate or incomplete personal data be corrected; (ii) request the deletion of personal data, unless there are legal grounds for its processing; (iii) object to the processing of personal data in certain circumstances, such as in direct marketing situations; (iv) request the restriction of the processing of personal data in certain specific situations. In its turn, the data controller must (i) ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR and national data protection legislation; (ii) define the specific purposes for which personal data are processed and (iii) ensure that the rights of data subjects are respected, including the rights of access, rectification, erasure and portability. The controller should also implement appropriate technical and organizational measures to ensure the security and privacy of personal data. The data processor shall implement technical and organizational measures to ensure compliance with data protection laws (i.e., GDPR and national laws), and shall also manage the storage of personal data on servers or cloud platforms and process personal data on behalf of the data controller (i.e., payment processing and marketing services). Therefore, it is crucial for the controller to select processors who
Made with FlippingBook - PDF hosting