Personal data is legally protected in the Constitution of the Portuguese Republic. It is also one of the fundamental rights of freedom and principles recognized in the Charter of Fundamental Rights of the European Union.
The EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) is on the protection of individuals with regard to the processing of personal data and on the free movement of such data, whose applicability applies to all private and public organizations located in the 28 member states of the European Union or organizations subcontracted for this purpose located in the EU, which process personal data of Individuals residing in the territory of the European Union regardless of their nationality or place of residence.
It was published in 2016 with an adaptation period of 2 years, being applicable on May 25, 2018 in all EU member countries.
The main obligations implicit in the GDPR translate a set of new rules, among which stand out the obligation to designate a data protection officer, rules on data pseudonymization, the amendment of the rules on obtaining consent, new rules on consent of minors, the elimination of the system of notifications and authorizations, the implementation of the right to forget, creation of increased obligations for subcontractors, the introduction of very high fines and information obligations regarding security breaches.
Personal Data is information relating to a living, identified or identifiable person and it is also the collection of distinct pieces of information that can lead to the identification of a particular person.
On the other hand personal data that has been de-characterized, encoded, or pseudonymized, but which can be used to re-identify a person, remains personal data and falls under the scope of the GDPR.
If personal data has been anonymized in such a way that the person is not or no longer identifiable is no longer considered personal data. For data to be truly anonymized, the anonymization must be irreversible. (1)
Examples of personal data:
– A first and last name;
– A home address;
– An email address such as nome.apelido@empresa.com;
– The number of an identification card;
– Location data (e.g. the location data function on a cell phone) (*);
– An IP (internet protocol) address;
– Connection cookies;
– Your phone’s advertising identifier;
– Data held by a hospital or doctor that uniquely identifies a person.
Examples of data not considered personal:
– The company registration number;
– An email address such as info@empresa.com;
– Anonymized data.
The range of information that can be associated with a person is wide, data that is considered personal is used for many everyday activities.
And the information can be found in different formats, as well as with the technological advance many data related to people are stored, processed or transmitted in digital format.
If, on the one hand, technological means have accelerated and streamlined many bureaucratic procedures, on the other, they are used to commit so-called cybercrimes.
It is important to emphasize the extreme importance of safeguarding the security of information, because all security breaches related to access to this information will lead to consequences, some of them drastic in personal life.
Therefore, the protection of personal data must be ensured in every situation.
All documents containing personal information of a private nature must be carefully stored to avoid misuse by third parties. Access to them should only be granted in situations provided for by law.
If any personal documents, such as a bank card, are lost or misplaced, the police authorities should be contacted immediately.
Another example are the electronic mailboxes used for contacts with credit institutions or to receive messages with confidential information that should be properly protected, and it is important to protect access codes and adopt security measures when accessing the internet.
There is also an idea about the precautions to be taken when hiring products at a distance. Financial services are often advertised on the Internet, and there are several ways to contract financial products without the need for the client to go in person.
Now this contracting done over the internet, by phone, must be assured by the customer himself, and therefore, aiming to protect personal data.
(1) https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_pt
(*) It should be noted that in some cases there is specific sectoral legislation regulating, for example, the use of location data or the use of cookies – Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 (OJ L 201, 31.7.2002, p. 37) and Regulation (EC) No 2006/2004 of the European Parliament and of the Council of 27 October 2004 (OJ L 364, 9.12.2004, p. 1).
