10 Key steps for compliance with the GDPR
The European Commission granted two years between the entry into force of the General Data Protection Regulation and its full implementation, on 25 May, for companies to adapt to the new rules. There are just under two months to go and there are still many entities that do not know where to start. According to Jane Kirkby, these are the essential steps to achieve this goal.
On 25 May 2016, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April, the General Data Protection Regulation (GDPR), on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, entered into force, repealing Directive 95/46/EC of 24 October 1995. These new rules have brought numerous challenges to all entities and agents whose activities involve the processing of personal data.
Considering that the full implementation of the Regulation was set for May 25, 2018, the entities had two years to identify the changes necessary to comply with the new data protection regime and its implementation, including the adoption and implementation of new security measures.
There is still time
It turns out that we are already in the countdown to May 25, and the truth is that most companies in Portugal have not done their homework and a large part still don’t know what to do. Nevertheless, we believe that, “rolling up our sleeves,” it is still possible for organizations to comply with the GDPR by then.
The first thing to bear in mind is that the GDPR is not the “bogeyman” but rather a challenge for entities and agents: an opportunity to assess how companies perform activities involving the processing of personal data, and to define and implement policies for compliance with the new rules.
Where to start?
1. Survey of databases
The first task is to survey all the activities that involve the processing of personal data and to catalogue the databases, for example, those of workers, of newsletter data, of clients and of suppliers.
2. Verification of compliance with the principles relating to the processing of personal data
Each database must be surveyed to verify whether the principles relating to the processing of personal data are being complied with:
- Lawfulness, fairness and transparency;
- Purpose limitation;
- Data minimization;
- Accuracy;
- Storage limitation;
- Integrity and confidentiality.
3. Identifying the basis for processing
The processing of each database must have a legal basis.
The basis for the processing of each database may have different sources, such as the consent of the data subject, the performance of a contract or pre-contractual procedures, legal obligations, defence of vital interests, functions of public interest and the exercise of public authority or legitimate interests.
4. Review of consent forms and contracts
Depending on the legal basis for the data processing, whether consent or the signing of a contract, all consent forms and contractual clauses should be reviewed to bring them into line with the new requirements of the GDPR, in particular as regards the information that must be made available to the data subjects and the way it is provided, especially when dealing with minors.
Consent for processing data should be requested again if the form in which the consent was given does not meet the conditions set out in the GDPR.
5. Review of subcontracts
All subcontracts (written or otherwise) entered into by the company with any natural or legal person, public authority, agency or other body for the processing of personal data on its behalf shall be reviewed.
All identified contractual relationships must be put in writing, with the minimum content required by the GDPR.
6. Mechanisms for guaranteeing the rights of data subjects
Companies should implement or ensure that their subcontractors have in place mechanisms that ensure timely exercise of the rights of data subjects:
- Right of access;
- Right to rectification or erasure;
- Right to restriction of processing;
- Right to object to the processing;
- Right to data portability;
- Right to withdraw consent.
7. Implementation of technical and organizational security measures, by design and by default
Both when the means of processing are defined and during the processing itself, appropriate technical and organizational measures must be implemented to ensure a level of security appropriate to the risk, taking into account the state of the art, the implementation costs and the nature, scope, context and purposes of the processing, as well as the risks, of varying likelihood and severity, to the rights and freedoms of natural persons.
The GDPR gives us some clues about the measures that need to be implemented by companies to comply with this obligation:
- Pseudonymization and encryption of personal data;
- Mechanisms to ensure the permanent confidentiality, integrity, availability and resilience of processing systems and services (ranging from physical security to password encryption);
- Instruments allowing the restoration of availability and access to personal data in a timely manner in the event of a physical or technical accident;
- Processes to regularly test, assess and evaluate the effectiveness of the implemented measures;
- Compliance with a Code of Conduct, when applicable;
- Certification procedure, when created by the supervisory authority;
- Adoption of compliance instruments, namely regulations, standards and procedures specific to certain areas, departments or units, to assist and define internal processes for data protection, in order to contribute to the promotion of the implementation of the GDPR.
8. Registration of data processing activities
Companies with more than 250 workers, or whose data processing is likely to pose a risk to the rights and freedoms of data subjects, is regular or covers sensitive categories of data, shall keep a written record, including in electronic form, of all processing activities under their responsibility.
9. Definition of internal procedures for notification of violations of personal data
All companies must ensure in advance that they have internal procedures in place enabling them to comply with the obligation to notify the supervisory authority of a personal data breach that may result in a risk to the rights and freedoms of natural persons, without undue delay and within 72 hours of becoming aware of it, or, where applicable, to notify the data subject.
They should also keep a record documenting any data breaches, whether or not they are subject to notification.
10. Designation of a Data Protection Officer
When companies fall into one of the following situations, they must appoint a data protection officer:
(a) Public entities (with the exception of courts in the exercise of the judicial function);
(b) Large-scale data processing operations;
(c) Large-scale processing operations of special categories of data.
Outside of these situations, the designation of a data protection officer is not mandatory, but it is advisable.