Portugal
act that violates the provisions of the GDPR or national law on the protection of personal data has the right to obtain compensation from the controller or processor for the damage suffered (Article 33 PDPL). Additionally, complaints relating to personal data can be addressed to the CNPD (national authority responsible for monitoring and enforcing compliance with data protection legislation), which has, amongst other competences, the power to investigate complaints, carry out audits and impose sanctions in the event of infringements. Complaints and claims shall be submitted in writing via the official website of the CNPD, by completing the complaint form with all relevant information. Upon receipt of a complaint, the CNPD will investigate it and take the necessary measures to resolve the issue and ensure compliance with data protection laws (i.e., imposing sanctions on the organization that failed to comply with data protection laws). RIGHTS AND DUTIES OF DATA PROVIDERS VI.1 Rights and remedies The rights of data subjects are provided for in Articles 12 and following of the GDPR and have no major changes in the PDPL. Data subjects have the rights of information and access to personal data, rectification and erasure of personal data, and to object and to not be subject to automated individual decision-making.
Data subjects also have the right to withdraw their consent to the processing of their personal data at any time. This means that they can revoke a previously given consent to the processing of their personal data. In addition, data subjects have the right to lodge a complaint with the CNPD if they believe that the processing of their personal data was made or is being made in breach of data protection legislation. Data subjects have the right to obtain information about how their personal data is processed, the purposes of the processing, how the data is used, and who has access to it. In addition, data subjects can appoint a representative to act on their behalf and exercise their data protection rights if they are unable to do so personally. This can be particularly useful in situations where data subjects are unavailable or unable to act on their own behalf. VI.2 Duties The duties fall on data controllers and processors, which have several obligations set out in data protection legislation (i.e., GDPR and PDPL). Data processing must comply with the principles set out in Article 5 GDPR (lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality). The controller is responsible for, and shall be able to demonstrate compliance with such principles (accountability).
www.mgra.pt
Made with FlippingBook - PDF hosting