ILN Data Privacy Paper

Portugal

data protection laws. The CNPD may also intervene in legal proceedings in the event of a breach of the provisions of the GDPR and the PDPL, and must report to the Public Prosecutor's Office any criminal offences of which it becomes aware, in the performance of its duties or on account thereof, as well as carry out any necessary and urgent precautionary acts to secure evidence. 10.2 Consequences and penalties for other violations and non- compliance On top of administrative sanctions, the person(s) and or organization(s) that violate(s) data protection legislation may face civil actions brought by affected data subjects seeking compensation for damages caused by the breach and or non- compliance with the GDPR and or the PDPL. Additionally, the data subject has always the right to lodge a complaint with the CNPD. Depending on the nature and severity of the breach and or the non-compliance, regulatory authorities may end up revoking or suspending an organization’s license and or authorization to operate in certain sectors, such as telecommunications, financial services or healthcare. It should be noted that the PDPL does not make a profound distinction between data breaches (in the strict sense) and other breaches of the GDPR or the PDPL, treating data breaches (in the broad sense) as a unitary issue. In summary, data breaches in www.mgra.pt

Portugal can lead to various consequences and sanctions, including criminal investigations and judgements, administrative and or civil legal actions, administrative fines, reputational damages, loss or suspension of licenses, and complaints to the CNPD as well. Conclusion Personal data protection is governed by specific EU and internal legislation such as the GDPR and the PDPL, amongst others. The CNPD is the national independent and public supervisory authority set up in Portugal under Article 51 of the GDPR, primarily responsible for monitoring and enforcing compliance with such legislation. Personal data is protected on first hand by being framed within the scope of fundamental rights. Data subjects have several rights, including the right of access, rectification, erasure, restriction of processing, data portability and the right to object to the processing of their personal data. If an unforeseen event occurs, data subjects should file a complaint with the CNPD or resort to courts to ensure that their rights are respected and or repair the damage caused. Data controllers and processors handling personal data in Portugal have clear obligations to comply with data protection legislation, including by implementing appropriate technical and organizational measures to ensure

Made with FlippingBook - PDF hosting