Portugal
In addition to these authorities, other bodies may have a relevant role in data protection in Portugal, such as the Public Prosecutor's Office, which investigates cases of serious breaches of data protection, and the National Council for Ethics in the Life Sciences, which can provide opinions on ethical issues related to the processing of personal data in the context of health and biomedical research. VIII. 3 Role, functions and powers of civil/criminal courts in the field of data regulation In Portugal, without prejudice to the right to lodge a complaint with the CNPD, any person may resort to means of administrative protection, specifically of a petitionary or impugnatory nature, to ensure compliance with the legal provisions on the protection of personal data, under the terms of the Code of Administrative Procedure. In addition, in the field of civil liability, any person who has suffered damage as a result of the unlawful processing of data or any other act that violates the provisions of the GDPR or national law on the protection of personal data has the right to obtain compensation from the controller or processor for the damage suffered. Thus, in general, any person can bring actions against the CNPD's decisions, namely of an administrative offence nature, and omissions, as well as civil liability actions for the damage that such acts or omissions may have caused. Such actions fall within the jurisdiction of the administrative courts. www.mgra.pt
On the other hand, the data subject may bring actions against the controller or processor, including civil liability actions. In cases of serious breaches, criminal courts may have to prosecute and judge the person(s) and or/organization(s) responsible. This includes cases of illegal access to information systems, unauthorized disclosure of personal data and other forms of cybercrime related to privacy and data protection. Overall, civil and criminal courts play a crucial role in enforcing data protection laws in Portugal, ensuring that data subjects have effective remedies in case of violations of their rights and that those responsible for such violations are held accountable according to the law. CONSEQUENCES OF NON-COMPLIANCE IX.1 Consequences and penalties for data breach According to Article 4(12) GDPR, a personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. The most serious violations of personal data are classified in the PDPL as criminal offences (i.e., improper access, misappropriation, corruption or destruction of data – Articles 47 to 49 PDPL).
Made with FlippingBook - PDF hosting