Portugal
GOVERNING DATA PROTECTION LEGISLATION
Law no. 41/2004, of 18 August 2004 (as amended), regarding personal data protection and privacy in telecommunications; Law no. 43/2004, of 18 August 2004 (as amended), regarding the organisation and operation of the National Data Protection Commission (“CNPD”). II.2. Additional or ancillary regulation, directives, or norms In addition to the GDPR and the aforementioned Portuguese legislation, there are additional regulations, directives, and standards that can be relevant to data protection in Portugal. The CNPD (independent and public supervisory authority established in Portugal under Article 51 of the GDPR) is responsible for monitoring the application of the GDPR to defend the fundamental rights and freedoms of natural persons regarding processing, and to facilitate the free movement of such data within the European Union. As part of its remit, the CNPD has drawn up regulations and directives, of which we would highlight: Regulation no. 798/2018, of 14 November 2018 (Regulation no. 1/2018 CNPD), approved under Articles 35(4) and 57(1)(k) of the GDPR, on the list of processing operations of personal data subject to a Data Protection Impact Assessment (DPIA);
II.1. Overview of principal legislation In Portugal, personal data protection is primarily provided for, within the scope of fundamental rights, in Article 35 of the Constitution of the Portuguese Republic, which establishes that the law defines the appropriate forms of protection of personal data and other data whose safeguarding is justified for reasons of national interest. In addition, data protection legislation is also governed by the PDPL, which ensures the execution of the GDPR in the Portuguese legal system. The GDPR establishes the framework and rules of the European Union law on the protection of natural persons concerning the processing of personal data and on the free movement of such data. It should be noted that the GDPR became applicable from 25 May 2018 and it is binding in its entirety and directly applicable in all Member States (including Portugal), under the terms of Article 288 of the Treaty on the Functioning of the European Union, and Article 99/2 of the GDPR. In other words, the GDPR embodies the European Union's effort to strengthen and unify data protection laws across all the EU Member States. Other relevant laws in Portugal, besides the PDPL, are listed below: Law no. 59/2019, of 8 August 2019, regarding personal data for the prevention, detection, investigation, or prosecution of criminal offences;
www.mgra.pt
Made with FlippingBook - PDF hosting