Close this search box.
AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Harbor cooperation between DPO, Legal Services, IT and Marketing
Turn data subject request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Guide your partners trough vendor management process workflow
Identifying the risk from the point of view of Data Subject
Quickly respond, mitigate damage and maintain compliance
Consolidate your data and prioritize your relationship with customers
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

Portuguese Data Protection Authority suspends transfers of Census 2021 data to the U.S.

Portuguese Data Protection Authority suspends transfers of Census 2021 data to the U.S.

On April 27, 2021, CNPD- the Portuguese Data Protection Authority, ordered a suspension of any transfer of personal data from the Census 2021 questionnaire to the U.S., or any other third countries, without an adequate level of protection.

Interestingly, the CNPD ordered an almost immediate suspension (within 12 hours), basing their decision on the principles contained in the Schrems II case.

[RELATED TOPIC: Schrems II - The EU Court of Justice invalidates EU-US Privacy Shield]


The National Institute of Statics (INE) collects and process personal data from the Portuguese Census surveys.

The Census data includes personal data of the entire Portuguese population (more than 10 million data subjects), including sensitive personal data like data about religious beliefs and health data.

The INE outsourced the operation of the census questionnaire to Cloudflare– U.S. based company, which by itself would not be problematic since there were SCCs put in place.

However, by the type of service it provides, Cloudflare is directly subjected to U.S. surveillance legislation for national security purposes, which imposes a legal obligation to unrestricted access to personal data to the US authorities, without any obligation to inform their clients about it.

CNPD investigation & conlusion

Following several complaints regarding the way personal data was collected online, CNPD carried out a quick investigation, concluding that such legislation implies a disproportionate interference in the fundamental rights of data subjects, not ensuring a level of data protection equivalent to that guaranteed in the EU.

The CNPD heavily relied on the Schrems II case and concluded that, even though the transfer of personal data outside of the EEA is based on the SCCs, the INE had not conducted a sufficient data protection impact assessment or provided for adequate additional safeguards when using the SCCs.

[RELATED TOPIC: EDPB recommendations for transferring personal data to non-EU countries] 


Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top