Portugal
legislation. Its main functions include promoting the application of data protection laws, issuing guidelines and opinions, investigating complaints and data breaches, imposing corrective measures, and applying sanctions in the event of breaches. The CNPD also has investigative and supervisory powers, including the right to access information, request documents, conduct audits, and impose administrative sanctions such as warnings, fines, and data processing bans. In addition to the provisions of Article 57 GDPR, the CNPD has the following duties: To give a non-binding opinion on legislative and regulatory measures relating to the protection of personal data, as well as on legal instruments under preparation in European or international institutions relating to the same matter; To monitor compliance with the provisions of the GDPR and other legal and regulatory provisions relating to the protection of personal data and the rights, freedoms, and guarantees of data subjects, and to correct and penalize non-compliance; Make available a list of processing operations subject to data protection impact assessment, pursuant to Article 35(4) GDPR, also defining criteria that make it possible to specify the notion of high risk provided for in that article;
Prepare and submit to the European Data Protection Board draft criteria for the accreditation of code of conduct monitoring bodies and certification bodies, under the terms of articles 41 and 43 GDPR, and ensure the subsequent publication of the criteria, if approved; Co-operate with the Portuguese Accreditation Institute, I.P. (IPAC, I.P.). in relation to the application of the provisions of Article 14 PDPL, as well as in the definition of additional accreditation requirements, with a view to safeguarding consistency in the application of the GDPR. Furthermore, CNPD exercises the powers laid down in Article 58 GDPR. In addition to general data protection laws, there are specific laws that may affect data protection in certain sectors (i.e., the personal data and privacy protection in the electronic communications sector – Law no. 41/2004, of 18 August, as amended). In this regard, ANACOM is responsible for the regulation and supervision of the electronic communications sector in Portugal, including data protection in certain contexts such as telecommunications and Internet services (i.e., ensuring the security of networks, electronic communications services, privacy in electronic communications and data protection in telecommunications services).
www.mgra.pt
Made with FlippingBook - PDF hosting