Explore all Modules

Consent and Preference Management

Consolidate your data and prioritize your relationship with customers

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Privacy 360

Clear 360 overview of all data and information regarding the individual data subject

Privacy Portal

Privacy portal allows customers to communicate their requests and preferences at any time

Data Processing Inventory

Harbor cooperation between DPO, Legal Services, IT and Marketing

Third Party Management

Guide your partners trough vendor management process workflow

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Data Flow

Establish a business and operational control over complete personal Data Flow within your organization

Data Removal

Introducing end-to end automation of personal data removal

Risk Management

Identifying the risk from the point of view of Data Subject

Explore all Modules

Consent and Preference Management

Consolidate your data and prioritize your relationship with customers

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Privacy 360

Clear 360 overview of all data and information regarding the individual data subject

Privacy Portal

Privacy portal allows customers to communicate their requests and preferences at any time

Data Processing Inventory

Harbor cooperation between DPO, Legal Services, IT and Marketing

Third Party Management

Guide your partners trough vendor management process workflow

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Data Flow

Establish a business and operational control over complete personal Data Flow within your organization

Data Removal

Introducing end-to end automation of personal data removal

Risk Management

Identifying the risk from the point of view of Data Subject

Focus on your priorities

DPC issues €405 million GDPR fine to Instagram

18/09/2022

Data Discovery and GDPR-first step towards compliance

Data Discovery & GDPR: Advancing your privacy program

08/09/2022

How To Secure Your Business After A Data Breach

07/09/2022

Data Privacy Manager teams up with filerskeepers

25/08/2022

Learn the terms

Payment Service Directive (PSD2)

European Data Protection Supervisor (EDPS)

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest Papers

DPC issues €405 million GDPR fine to Instagram

18/09/2022

Data Discovery & GDPR: Advancing your privacy program

08/09/2022

How To Secure Your Business After A Data Breach

07/09/2022

Learn the terms

Payment Service Directive (PSD2)

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest Papers

Consent and Preference Management

Consolidate your data and prioritize your relationship with customers

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Privacy 360

Clear 360 overview of all data and information regarding the individual data subject

Privacy Portal

Privacy portal allows customers to communicate their requests and preferences at any time

Data Processing Inventory

Harbor cooperation between DPO, Legal Services, IT and Marketing

Third Party Management

Guide your partners trough vendor management process workflow

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Data Flow

Establish a business and operational control over complete personal Data Flow within your organization

Data Removal

Introducing end-to end automation of personal data removal

Risk Management

Identifying the risk from the point of view of Data Subject

Explore all Modules

Consent and Preference Management

Consolidate your data and prioritize your relationship with customers

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Privacy 360

Clear 360 overview of all data and information regarding the individual data subject

Privacy Portal

Privacy portal allows customers to communicate their requests and preferences at any time

Data Processing Inventory

Harbor cooperation between DPO, Legal Services, IT and Marketing

Third Party Management

Guide your partners trough vendor management process workflow

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Data Flow

Establish a business and operational control over complete personal Data Flow within your organization

Data Removal

Introducing end-to end automation of personal data removal

Risk Management

Identifying the risk from the point of view of Data Subject

Focus on your priorities

DPC issues €405 million GDPR fine to Instagram

18/09/2022

Data Discovery & GDPR: Advancing your privacy program

08/09/2022

How To Secure Your Business After A Data Breach

07/09/2022

Data Privacy Manager teams up with filerskeepers

25/08/2022

Learn the terms

Payment Service Directive (PSD2)

European Data Protection Supervisor (EDPS)

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest Papers

DPC issues €405 million GDPR fine to Instagram

18/09/2022

Data Discovery & GDPR: Advancing your privacy program

08/09/2022

How To Secure Your Business After A Data Breach

07/09/2022

Learn the terms

Payment Service Directive (PSD2)

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest Papers

Consent and Preference Management

DPC issues €405 million GDPR fine to Instagram

18/09/2022

Data Discovery & GDPR: Advancing your privacy program

08/09/2022

How To Secure Your Business After A Data Breach

07/09/2022

Learn the terms

NDPR/ Nigeria Data Protection Regulation

Privacy by design

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

Portuguese Data Protection Authority suspends transfers of Census 2021 data to the U.S.

03/05/2021
in Blog

On April 27, 2021, CNPD- the Portuguese Data Protection Authority, ordered a suspension of any transfer of personal data from the Census 2021 questionnaire to the U.S., or any other third countries, without an adequate level of protection.

Interestingly, the CNPD ordered an almost immediate suspension (within 12 hours), basing their decision on the principles contained in the Schrems II case.

Backstory

The National Institute of Statics (INE) collects and process personal data from the Portuguese Census surveys.

The Census data includes personal data of the entire Portuguese population (more than 10 million data subjects), including sensitive personal data like data about religious beliefs and health data.

The INE outsourced the operation of the census questionnaire to Cloudflare– U.S. based company, which by itself would not be problematic since there were SCCs put in place.

However, by the type of service it provides, Cloudflare is directly subjected to U.S. surveillance legislation for national security purposes, which imposes a legal obligation to unrestricted access to personal data to the US authorities, without any obligation to inform their clients about it.

CNPD investigation & conlusion

Following several complaints regarding the way personal data was collected online, CNPD carried out a quick investigation, concluding that such legislation implies a disproportionate interference in the fundamental rights of data subjects, not ensuring a level of data protection equivalent to that guaranteed in the EU.

The CNPD heavily relied on the Schrems II case and concluded that, even though the transfer of personal data outside of the EEA is based on the SCCs, the INE had not conducted a sufficient data protection impact assessment or provided for adequate additional safeguards when using the SCCs.

Resources

CNPD (Comissão Nacional de Proteção de Dados) official statement in Portuguese: CENSOS 2021: CNPD SUSPENDE FLUXOS PARA OS EUA
EDPB statement: Census 2021: Portuguese DPA (CNPD) suspended data flows to the USA

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.