Portugal
ØRegulation of electronic and non- electronic data In Portugal, electronic and non- electronic data are primarily regulated by the GDPR and the PDPL, which establish rules for the processing of personal data, regardless of the format in which it is stored. In the field of health and genetic data processing, Article29(2) PDPL establishes that in the cases provided for in Article 9(2)(h) and (i) of the GDPR, the processing of the data provided for in Article 9(1) of the GDPR must be carried out by a professional bound by secrecy or by another person subject to a duty of confidentiality, and appropriate information security measures must be guaranteed. Furthermore, access to such data shall be exclusively electronic, unless technically impossible or expressly stated otherwise by the data subject, and its subsequent disclosure or transmission shall be prohibited. III.1.4 Other key definitions pertaining to data and its processing Under the GDPR (see Article 4), there are several basic definitions relating to data and its processing, of which we highlight: Data subject: the natural person to whom the personal data relates; Data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; www.mgra.pt
Data processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller; Data processing: any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure or destruction; Consent: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which, through a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; Personal data breach: breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. These definitions are essential for understanding obligations and responsibilities in this field and, in turn, ensuring that the processing of personal data is carried out ethically.
Made with FlippingBook - PDF hosting