GDPR implementation

< >

After several years of negotiation, the European Parliament approved the new General Data Protection Regulation (GDPR), which became mandatory for all state members of the EU in May 25, 2018.
Considering the principle of individual freedom and the right to privacy, GDPR is seen as a great evolution (and revolution) of the current “information society”.

.the_problem {

This new regulation responds to needs magnified by the so called “information society”, where the internet, social networks and other digital ways to share information, have created a situation of difficult resolution: people share their personal data online easily. Meanwhile, companies and organizations are investing ever more in the obtention of targeted information from their target audience. This way, they can target offers and products to people more likely to want to acquire them.


.GDPR overview {

.person’s rights {

It significantly increases the persons’ rights and the information that has to be provided regarding to the data processing activities.



.agreement {

Information systems and processes that use personal data are required to ensure confirmation of acceptance of the conditions from a statement or other unequivocal positive act, making it no longer possible to presume consent, or to make use of pre-selected options.



.data portability {

Individuals now have the right to circulate, copy or transfer personal data, whether public institutions or companies, even when they are competitors.


.application scope {

It covers all companies, public institutions and even organizations that process data on behalf of third parties within the EU – even if they are based outside the EU.



.compliance proof {

It’s not enough to comply with the GDPR. Institutions are now required to provide proof of the implementation of GDPR’s standards for “responsibility” requirement. This implies ensuring and being able to provide proof of the existence of registration processes and systems to ensure compliance with these regulations.



.privacy from start to finish {

Incorporation of privacy considerations in every aspect, and can only be used for strictly necessary data for the purpose for which they are intended.


.mandatory reporting of data breach {

Data regulators must notify local control authorities – CNPD, in Portugal – within 72 hours of becoming aware of the fact. Serious violations must be notified to the affected persons.


.person in charge of data protection {

Mandatory requirement for all public institutions. It requires specialized knowledge of expertise in data protection law and it’s a necessity that can be outsourced to service providers.


.fines {

They may be up to 4% of the annual overall turnover, or 20 million euros, whichever is the biggest. The fine may be imposed even if there is no loss of data.



news.get updated {

  • By submitting your e-mail address on our form you are giving us consent to use your e-mail address to send marketing information.
    Your data will be kept for the terms and conditions legally provided, in accordance with the new General Regulation on Data Protection and the guidelines provided by the National Data Protection Commission.
    You have the right to request access to your personal data, as well as rectification or erasure, and the limitation of treatment, or the right to object to processing, as well as the right to portability of data.
    You also have the right to withdraw your consent at any time without compromising the lawfulness of the treatment made up to the moment you withdraw consent.
    You also have the right to complain about the processing of data with the National Data Protection Commission.
    For the safety of your data, appropriate technical and organizational measures will be applied to ensure a level of security appropriate to the risks.
    You will be notified in case of violation of your personal data, together with the notification to the National Data Protection Commission, under the terms and conditions provided by law.

Share This