PREISA Advogados
Compliance & GDPR

GDPR: the eight-point checklist for Portuguese SMEs

Portuguese GDPR case law has matured and the data-protection authority has grown more active in SME inspections. This checklist sums up the points we recommend…

Portuguese GDPR case law has matured and the data-protection authority has grown more active in SME inspections. This checklist sums up the points we recommend validating.

Mapping and responsibilities

Is there an up-to-date record of processing, with purposes and retention periods? Has a Data Protection Officer been appointed where required and notified to the authority?

Transparency and contracts

Are privacy notices available at collection points, in plain language? Do all processors handling personal data have an Article 28-compliant contract?

Rights and incidents

Is there a process to answer data-subject requests within 30 days? Are breaches logged internally, with a reasoned decision on whether to notify the authority?

More reading

Keep reading.

  1. Employment Law

    Remote work: three obligations companies keep forgetting

    Remote work is no longer the exception in many Portuguese companies, yet its formalisation still fails on the basics — three of them especially common in…

Let's talk

Does your company need legal support? Let's talk.

Av. Dom João II Nº 12, 1.º Esc. 1, 1990-091 Lisboa

paula@preisa.pt

Contact PREISA