DATA PROTECTION LAWS IN PORTUGAL

Abstract

The fundamental right to particular data protection was established in the Constitution of the Portuguese Republic 1976 ('the Constitution'). The first Portuguese Data Protection ActNo.10/91 was espoused in 1991, foreknowing the creation of the Portuguese administrative authority in data protection matters. Before the entry into force of the General Data Protection Regulation ('GDPR'), the general rule was the following before initiating any particular data processing, the regulator had to notify the Portuguese data protection authority ('CNPD') or gain previous processing authorization from the same reality. The CNPD's opinions taken following authorization procedures have been veritably inconsistent. Especially, regarding retention ages of particular data (e.g. for identical particular data processing purposes/ conditioning), the CNPD would establish different retention ages. Hence, it's delicate to prognosticate the interpretations and opinions that the CNPD is likely to borrow within the GDPR. Still, it's worth mentioning that the CNPD has been espousing a conservative approach.