Portugal
Organizations implement security measures to protect personal data during disclosure, sharing, or transfer. This includes access controls, activity monitoring, and protection against unauthorized access. In addition, tests should be conducted to identify potential vulnerabilities or threats to data security during disclosure, sharing, or transfer. In addition, where personal data is shared with third parties, must therefore appropriate organizations should enter into confidentiality agreements to ensure that personal data is treated in accordance with data protection laws. V.6 Cross-border transfer of data For the purposes of the GDPR, cross- border processing means either: Processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the European Union where the controller or processor is established in more than one Member State; or Processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the European Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
Cross-border transfer of personal data involves the transmission of personal information from one country to another. This type of transfer is common in a globalized world, where companies often have operations in multiple countries and may need to access personal data of individuals located in different legal jurisdictions. Transfers of personal data to third countries or international organizations is provided for in Articles 44 to 50 GDPR. As a general rule (Article 44 GDPR), any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organisation shall take place only if, subject to the other provisions of this Regulation, the conditions laid down in the GDPR are complied with by the controller and processor - including for onward transfers of personal data from the third country or an international organisation to another third country or to another international organisation. Article 49 GDPR also establishes derogations for specific situations: in the absence of an adequacy decision or of appropriate safeguards (including binding corporate rules), a transfer or a set of transfers of personal data to a third country or an international organisation shall take place only on one of the following conditions:
www.mgra.pt
Made with FlippingBook - PDF hosting