ILN Data Privacy Paper

Portugal privacy policies, privacy notices or consent forms) and ensure data security by implementing appropriate technical and organizational measures to protect against unauthorized access, disclosure, alteration, accidental or unlawful destruction (in other words, personal data breaches). Public or private organizations must also cooperate with the CNPD, providing it with all the information it requests in the exercise of its powers and competences. On the other hand, the DPO is also subject to duties of secrecy and confidentiality. Finally, the rights to information and access to personal data provided for in Articles 13 to 15 GDPR cannot be exercised when the law imposes a duty of secrecy on the controller or

processor that is enforceable against the data subject; nevertheless, the data subject may request the CNPD to issue an opinion on the enforceability of the duty of secrecy (Article 20 PDPL). PROCESSING OF CHILDREN OR MINORS’ DATA The processing of personal data of children or minors in Portugal is subject to specific provisions to ensure adequate protection, considering the vulnerability of these individuals. The GDPR is directly applicable in Portugal and establishes that consent for the processing of personal data of children is only valid if the child is at least 16 years old (or, if the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility over the child). Children personal data can only be processed based on the consent provided for in Article 6(1)(a) GDPR and relating to the direct offer of information society services when they have reached the age of 13 (Articles 8 GDPR and 16 PDPL). If a child is under 13, consent for the processing of his or her personal data must be given or authorized by his or her parents or legal guardians, preferably by means of secure authentication.

www.mgra.pt

Made with FlippingBook - PDF hosting