ILN Data Privacy Paper

Portugal

provide guarantees regarding the implementation of appropriate security measures and compliance with data protection laws. A formal contract should be established between the two parties, clearly defining the obligations, responsibilities, and sufficient security measures that the processor must adopt to protect personal data. The parties shall work together to ensure that personal data is processed in accordance with data protection laws and regulations (Article 28 GDPR).

Finally, the DPO (when designated, as per Article 37(1) GDPR) has specific tasks laid down in Article 39 GDPR, such as: (i) inform and advise the controller or the processor; (ii) monitor compliance with data protection legislation; (iii) provide advice where requested as regards the data protection impact assessment and monitor its performance; (iv) cooperate with the supervisory authority; (v) act as the contact point for the supervisory authority on issues relating to processing. In this regard, the PDPL specifies the criteria laid down in the GDPR and assigns specific duties to the DPO (Articles 9-15 PDPL).

REQUIREMENTS FOR DATA PROCESSING

5.1. Grounds for collection and processing

The processing of personal data is delimited by principles such as (i) lawfulness, fairness and transparency, (ii) purpose limitation, (iii) data minimization, (iv) accuracy, (v) storage limitation and (vi) integrity and confidentiality. The controller is subject to accountability and shall be responsible for, and be able to demonstrate compliance with, such principles.

Processing of personal data shall be lawful only if and to the extent that at least one of the following applies (Article 6(1) GDPR): the data subject has given consent to the processing of his/her personal data for one or more specific purposes;

www.mgra.pt
