By Hugo Ribeiro, Certified Accountant · Member of the Order of Certified Accountants · HVR Business Consulting
Introduction The General Data Protection Regulation (GDPR) has significantly changed how companies and organizations in Portugal and the European Union must handle personal data. One of the pillars of the GDPR is the rights of data subjects, aimed at ensuring transparency and control for individuals over their personal information. Right of Access The right of access allows data subjects to obtain confirmation of whether their personal data is being processed and, if so, access that data and obtain additional information. This right is enshrined in Article 15 of the GDPR. For instance, a custo…
Key Takeaways
Ensure transparency in personal data processing in Portugal.
Respond to GDPR rights requests within a maximum of one month.
Guarantee data access, rectification, and portability rights.
Implement clear data protection policies and ongoing training.
FAQ
What are data subjects' rights under GDPR?
Data subjects' rights are prerogatives granted by GDPR to individuals to control their personal information, such as access, rectification, erasure, and data portability.
How should my company respond to an access request in Portugal?
Your company must confirm to the data subject if their data is processed and provide access to it, explaining the purpose and who accessed it. The deadline is one month, without undue delay.
What is the importance of the right to be forgotten for Portuguese companies?
The right to be forgotten requires the company to erase personal data when no longer needed, unless there are legal reasons to retain it. Compliance is crucial to avoid GDPR fines.
When does the right to data portability apply in Portugal?
The right to portability applies when the data subject requests data transmission to another controller, in a structured, machine-readable format. Essential for services with transferable data.