IV. 1 Key stakeholders The data controller plays a central role in the context of personal data protection. The definition of data controller is given by the GDPR (Article 4(7) GDPR) and adopted by the PDPL: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In addition to the data controller, we find: The data subject (Article 4(1) GDPR): the natural person to whom the personal data relates and belongs; both the GDPR (Article 12 and following GDPR) and the PDPL guarantee several rights to the data subjects, aiming to ensure that the data subjects have control over their personal data, and that such data is lawfully processed; The data processor (Articles 4(8) and 28 GDPR): the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; it should be noted that the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject; Portugal Legislative Framework
The Data Protection Officer / “Encarregado de Proteção de Dados” (“DPO” / “EPD”): designated by the controller and/or processor in certain cases (Article 37(1) GDPR), it shall be involved, properly and in a timely manner, in all issues which relate to the protection of personal data (Article 38(1) GDPR). It should be emphasized that the DPO has specific tasks (Article 39 GDPR), such as: Inform and advise the controller or the processor; Monitor compliance with data protection legislation; Provide advice where requested as regards the data protection impact assessment and monitor its performance; Cooperate with the supervisory authority; Act as the contact point for the supervisory authority on issues relating to processing. In this regard, the PDPL specifies the criteria laid down in the GDPR and also assigns specific duties to the DPO (Articles 9-15 PDPL). IV.2 Role and responsibilities of key stakeholders The data subject shall decide how its personal data is processed and handled, and has several rights, such as
www.mgra.pt
Made with FlippingBook - PDF hosting