Today, January 28, 2020, the European Data Protection Day is celebrated for the 14th time, called, outside Europe, the “Privacy Day”. This date, established in 2006 by the Council of Europe, was chosen since it was on 28 January 1981 that the Council of Europe convention on the protection of individuals with regard to automated processing of personal data, known as “Convention 108” , was opened for signature.
The commemoration of this day is intended to raise awareness of the importance of privacy, promote the protection of personal data, inform citizens about their rights and how to exercise them more effectively, as well as alert the entities to best practices to be verified in this regard.
In Portugal, the General Regulation on Data Protection (“GDPR”), directly applicable in all Member States since 25 May 2018, was joined by Law No. 58/2019, of 8 August. Among other aspects that, unfortunately, fell short of all the public discussion that the initial proposal raised, the national statute came, without much surprise, to confirm the National Data Protection Commission (“CNPD”) as “the national control authority for effects of the GDPR and the present law ”, which, in that capacity, manifested a frontal disagreement with the applicability of several provisions of the statute.
Nevertheless, in the performance of its duties and competences, CNPD has already imposed 4 (four) fines on public and private entities, due to insufficient compliance with the rights of data subjects and insufficient technical and organizational measures to ensure security information. In comparison, it can be seen that of the 190 (one hundred and ninety) fines imposed by the set of European national supervisory authorities, the Spanish SDPA stands out with 43 (forty-three) fines applied, followed by the Romanian ANSPDCP with 21 (twenty-one) ).
In the specific context of the implementation of the GDPR and the national statute, GPA - Gouveia Pereira, Costa Freitas & Associados - Law Firm, SP, RL has continued to develop projects to implement the new rules on the protection of personal data, to be provided supporting the function of data protection officer and providing legal advice to several clients in the most different sectors of business and activity. In addition to the support provided to Portuguese (public and private sector) multinational companies, many of which are regulated, GPA was the partner chosen by many SMEs - taking into account the model that they designed especially for them - for the implementation and compliance with the rules on protection of data.
Currently, we have a team of 20 (twenty) Data Protection Professionals, with top certification issued by the Irish Computer Society, as well as 1 (one) certification by the IAPP - International Association of Privacy Professionals.
In 2019, GPA promoted, together with the Faculty of Law of the University of Lisbon, the I International Conference on Data Protection Law and the I Data Protection Law Days, which took place, respectively, on 30 May and October 24, as well as the I Advanced Postgraduate Course in Data Protection Law, running from October 23, 2019 until the next May 13, 2020, counting all these events with the participation of several speakers who are GPA contributors.
It should also be noted that GPA signed a chapter on Cybersecurity legislation in Portugal, published by ICLG (International Comparative Legal Guide).
For its part, the GPA Academy - which aims to provide continuous training for GPA's Lawyers and Employees - promoted the 1st Edition of the training “The DPO at IPSS”, in partnership with the F3M Training Center, meeting the specific needs of those entities and, well, promoted a workshop on Privacy and Data Protection, in partnership with the Portuguese Chamber of Commerce and Industry.
In addition, it should be noted that the GPA Academy recently promoted the 11th edition of the Data Protection Professional course, in partnership with the Irish Computer Society, with a certificate.
For more information on this topic, please contact the Data Protection Department of GPA Advogados, through the electronic address gpa@gpasa.pt.
For more information on training on Data Protection, please contact GPA Academy, through the electronic address gpacademy@gpacademy.pt.