Portugal
Key aspects
- The National Commission for Data Protection (CNPD) approved its first guideline (Guideline) for 2023 on organizational and security measures for personal data processing.
- The attacks are mainly due to (i) infrastructural weaknesses; (ii) users not being trained to detect phishing campaigns; and (iii) data controllers’ lack of awareness of the risks to data subjects' rights, caused by the lack of investment in security mechanisms.