Privacy Laws

Portugal's data protection in comparison to the GDPR

The flag of Portugal with the capital in the background — © bennymarty / stock.adobe.com | #173183147

General overview

The primary regulatory body overseeing data protection in Portugal is the Comissão Nacional de Protecção de Dados (CNPD). The GDPR became applicable in Portugal on May 25, 2018, and was further implemented through Portuguese Law No. 58/2019 of August 8, known as the Data Protection Law.

GDPR opening clauses

Portugal has adapted the GDPR through its Data Protection Law, which was published on August 8, 2019. This law assures the execution of GDPR within the Portuguese legal system and provides additional guidelines and regulations.

Key differences and national specifics

Sector-specific Laws: Portugal has additional data protection obligations in certain sector-specific laws. For example, Law No. 12/2005 focuses on data protection regarding genetic and health information, while Law No. 41/2004 is specific to the electronic communications sector.
Criminal offences and penalties: Law No. 59/2009 transposes Directive (EU) 2016/680, which deals with the processing of personal data for the prevention, investigation, detection, or prosecution of criminal offences.
Guidelines by CNPD: The CNPD has issued various guidelines, including guidance on Data Protection Officers (DPOs), electronic direct marketing communications, and organizational and security measures for data processing.
Specific contexts: The CNPD has also issued opinions on the processing of personal data in specific contexts such as health, human resources, marketing, and telecommunications.

Conclusion

Portugal has a comprehensive framework for data protection that not only incorporates the GDPR but also includes additional sector-specific laws and guidelines issued by the CNPD. These additional provisions and guidelines provide a more detailed roadmap for compliance, especially in specialized sectors like healthcare, telecommunications, and criminal justice.

Write email

Group	external media
Name	Calendly
Technical name	_cf_bm,__cfruid,OptanonConsent
Provider	Calendly LLC
Expire in days	365
Privacy policy	https://calendly.com/privacy
Use	To arrange appointments via the provider Calendly.
Allowed
Group	essential
Name	Contao CSRF Token
Technical name	csrf_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Serves to protect the website from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	Contao HTTPS CSRF Token
Technical name	csrf_https_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Used to protect the encrypted website (HTTPS) from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	PHP SESSION ID
Technical name	PHPSESSID
Provider	Contao
Expire in days	0
Privacy policy
Use	Cookie from PHP (programming language), PHP data identifier. Contains only a reference to the current session. No information is stored in the user's browser and this cookie can only be used by the current website. This cookie is mainly used in forms to increase user-friendliness. Data entered in forms is stored for a short time, for example, if the user makes an input error and receives an error message. Otherwise, all data would have to be entered again.
Allowed
Name	FE USER AUTH
Technical name	FE_USER_AUTH
Provider	Contao
Expire in days	0
Privacy policy
Use	Saves a visitor's information as soon as they log in to the frontend.
Allowed