Portugal
the administrative courts against the decisions, namely of an administrative offence nature, and omissions of the CNPD, as well as civil liability actions for the damage that such acts or omissions may have caused. Other relevant authorities are the National Communications Authority (ANACOM), the Public Prosecutor's Office (MP) and the National Council for Ethics in the Life Sciences. 8.2 Role, functions and powers of authorities The CNPD is responsible for supervising and enforcing compliance with data protection legislation. Its main functions include promoting the application of data protection laws, issuing guidelines and opinions, investigating complaints and data breaches, imposing corrective measures and applying sanctions in the event of breaches. The CNPD also has investigative and supervisory powers, including the right to access information, request documents, conduct audits, and impose administrative sanctions such as warnings, fines and data processing bans. In addition to the provisions of Article 57 GDPR, the CNPD has the following duties: Issue non-binding opinion on legislative and regulatory measures relating to the protection of personal data, as well as on legal instruments
Therefore, children, as well as their parents or legal guardians, must be provided with clear and transparent information about how personal data will be processed. This includes the purposes of the processing, the categories of personal data involved, who has access to the data and how long the data will be kept. These data must be treated with special care and protection, considering the vulnerability of a child. This includes implementing appropriate security measures to protect personal data from unauthorized access, disclosure or alteration, and ensuring that processing is transparent. REGULATORY AUTHORITIES 8.1 Overview of relevant statutory authorities The CNPD is the national supervisory authority in Portugal for the purposes of the GDPR and the PDPL compliance. In addition to the provisions of Article 57 GDPR, the CNPD carries out other tasks, specifically foreseen in Article 6 PDPL. Additionally, the CNPD also exercises the powers provided for in Article 58 GDPR. As already mentioned, the competent authority for accrediting data protection certification bodies is the IPAC, I. P. as set out in Article 43(1)(b) GDPR. It should also be noted that any person, in accordance with the general rules, may bring actions to
www.mgra.pt
Made with FlippingBook - PDF hosting