search
The General Data Protection Regulation (“GDPR”) promises to be the most significant global development in data protection laws across all European Union (“EU”) Member States since Directive 95/46/EC (“Data Protection Directive”), which was implemented in Portugal by Law 67/98, of 26 October 1998.
The GDPR will be directly applicable in all EU Member States from 25 May 2018. The new regulation will have a global scope, as businesses based outside the EU that offer goods or services to individuals in the EU may be required to comply with the GDPR.
The risk of fines up to 4% of annual worldwide turnover or €20 million is surely a strong incentive for companies to comply with the GDPR.
The new regulation is expected to be homogenously applied throughout the EU. Notwithstanding, Portuguese law will apply in cases it may impose more detailed conditions, such as those relating to the processing of sensitive data, particularly genetic data, biometric data or data concerning health. Portuguese law may also contain specific rules regarding the processing of employees' personal data, especially for the purposes of recruitment, performance and termination of the employment contract, which will apply together with the GDPR.
The combined application of the GDPR and the Portuguese law will be particularly relevant where companies collect and process data from Portuguese individuals and/or the Portuguese supervisory authority acts as lead authority due to the fact the main establishment or the single establishment of the controller or processor is located in Portugal.
Individuals, who are resident in Portugal, will have the right to lodge complaints with the Portuguese supervisory authority. For proceedings against a data controller or processor, the plaintiff will have the right to bring the action before the Portuguese courts if the data controller or processor’s business or the individuals’ residence is located in Portugal.
Although the core data protection rules remain broadly the same, there are important changes with impact on day-to-day business and for which companies should be aware of and prepare in advance.
As companies prepare for the entry into force of the GDPR, we propose a seven steps plan detailing the main aspects of the GDPR that companies need to take. This should be also used as an opportunity to improve the way the companies deal with personal data within their organization. The countdown to 2018 has started.
search
Banking and Capital Markets
We have experience in the financing of companies, public and private, derivatives, in the financing of projects and capital markets.
Corporate and Commercial
We advise domestic and foreign clients in various legal aspects necessary for the development of its business in Portugal.
Litigation and Arbitration
We work in all areas of civil litigation, commercial, labor, industrial property, administrative and tax and still in insolvency and restructuring.
Projects and Infrastructures
We have worked on many projects and infrastructure operations as well as telecommunications and energy operations and particularly in matters of administrative law, regulation and environmental law.