At a high level, the article outlines Portugal’s data transfer framework, grounded in the GDPR and its Implementation Law 58/2019, complemented by sectoral rules (telecommunications, health, cybersecurity, AML/CFT). It sets out the activity of the CNPD, including criteria for intra-group agreements, guidance on transfers to the U.S., and notable enforcement actions (e.g., Census, Lisbon, Setúbal). It incorporates EU-level guidance (EDPB and Commission) on SCCs, supplementary measures, and Chapter V provisions, framed by the Schrems II case law.
See complete chapter at: Data Transfers Guidance Note, January 2025.
January 1, 2025
Don’t miss our content
Subscribe