Is There Anything Left of the Portuguese Law Implementing the GDPR?: The Decision of the Portuguese Supervisory Authority
Personal Data Protection and Legal Developments in the European Union, ed. Maria Tzanou (IGI Global, 2020), 125
Posted: 3 Oct 2022
Date Written: June 1, 2020
The entry into force of the General Data Protection Regulation (GDPR) was expected to cause difficulties to data controllers and data processors mostly due to the practical consequences of the accountability principle and the role of risk. However, in Portugal, there were supplementary problems triggered by two events: the lengthy legislative process of the national law implementing the GDPR and the decision of the national supervisory authority to disapply nine provisions of it. In August 2019, the Portuguese Parliament adopted the law implementing the GDPR, Law 58/2019. One month later, the Portuguese supervisory authority, Comissão Nacional de Proteção de Dados, decided that nine articles of the recently adopted national law were incompatible with European Union Law. This chapter aims to address this chain of events, understand the reasoning behind the decision of the Portuguese authority, and tackle its practical consequences for the day-to-day data-processing activities of data controllers and data processors. Overall, it also aims to evaluate what is left of the national piece of legislation after this decision.
Keywords: data protection; implementing GDPR; Portugal; CNPD
Suggested Citation: Suggested Citation