Data Protection in Portugal

National data protection authority in Portugal

EU regulation

Enforcement of the GDPR is the prerogative of data protection regulators, known as supervisory authorities (for example, the Cnil in France or the ICO in the UK). The European Data Protection Board (the replacement for the so-called Article 29 Working Party) is comprised of delegates from the supervisory authorities, and monitors the application of the GDPR across the EU, issuing guidelines to encourage consistent interpretation of the Regulation.

The GDPR creates the concept of lead supervisory authority. Where there is cross-border processing of personal data (ie, processing taking place in establishments of a controller or processor in multiple Member States, or taking place in a single establishment of a controller or processor but affecting data subjects in multiple Member States), then the starting point for enforcement is that controllers and processors are regulated by and answer to the supervisory authority for their main or single establishment, the so-called lead supervisory authority (Article 56(1)).

However, the lead supervisory authority is required to cooperate with all other concerned authorities, and a supervisory authority in another Member State may enforce where infringements occur on its territory or substantially affect data subjects only in its territory (Article 56(2)).

The concept of lead supervisory authority is therefore of somewhat limited help to multinationals.


Portugal regulation

Comissão Nacional de Proteção de Dados (‘National Commission for the Protection of Data’. also known as ‘CNPD’).

Av. D. Carlos I, 134 - 1.º

1200-651 Lisboa

T +351 21 392 84 00

F +351 21 397 68 32

[email protected]

www.cnpd.pt

Continue reading

  • no results

Previous topic
Back to top