ILN Data Privacy Paper

Portugal

10.1 Consequences and penalties for data breach According to Article 4(12) GDPR, personal data violation means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. The most serious violations of personal data are classified in the PDPL as criminal offences, e.g., improper access, misappropriation, corruption or destruction of data – Articles 47 to 49 PDPL. Less serious violations of personal data are classified as very serious or serious administrative offences. On the other hand, organizations that do not comply with the GDPR and or the PDPL may be required to take corrective action to remedy the breach and mitigate any harm caused to data subjects. This may include implementing measures to protect the affected data, notifying data subjects of the breach and, where appropriate, providing compensation for any material or non-material damage. Additionally, they may be subject to the mentioned criminal and administrative offences typified by law. The CNPD has the power to issue warnings and impose administrative fines on organizations that violate CONSEQUENCES OF NON-COMPLIANCE

As for civil liability, any person who has suffered damage as a result of the unlawful processing of data or any other act that violates the provisions of the GDPR or national law on the protection of personal data has the right to obtain compensation from the controller or processor for the damage suffered. Thus, in general, any person can bring actions against the CNPD's decisions, namely of an administrative offence nature, and omissions, as well as civil liability actions for the damage that such acts or omissions may have caused. Such actions fall within the jurisdiction of the administrative courts. On the other hand, the data subject may bring actions against the controller or processor, including civil liability actions. Serious breaches are prosecuted and judged. This includes the person(s) and or/organization(s) responsible for illegal access to information systems, unauthorized disclosure of personal data and other forms of cybercrime related to privacy and data protection. Overall, civil and criminal courts play a crucial role in enforcing data protection laws in Portugal, ensuring that data subjects have effective remedies in case of violations of their rights and that those responsible for such violations are held accountable in accordance with the applicable law.

www.mgra.pt

Made with FlippingBook - PDF hosting