GDPR Enforcement

A hospital became one of the first organisations to face GDPR enforcement in Portugal in July 2018. The hospital received a €400,000 fine from the Portuguese regulator, Comissão Nacional de Protecção de Dados (“CNPD”), for various breaches of the GDPR.

The hospital was fined for the following three violations of the GDPR:

  1. Breach of the data minimisation principle;
  2. Breach of the integrity and confidentiality principle; and
  3. The failure to ensure the ongoing security of processing under Article 32 of the GDPR.

For breaches of the data protection principles, a maximum fine of €20,000,000 or 4% of global turnover, whichever is higher, may be imposed. However, the maximum fine for the third violation is €10,000,000 or 2% of global turnover, whichever is higher.