Portuguese Data Protection Authority increased number of inspections and global amount of fines applied
Data Protection Alert
The Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados or CNPD) published, on 23 April 2019, its 2017-2018 activity report. This report provide us an overview of CNPD’s activities during the year of 2017 and two periods of the year 2018: from 1 January to 24 May (before the GDPR’s applicability) and from 25 May to 31 December (after the GDPR’s applicability). Among the information provided by the CNPD we highlight the following:
Thus, in spite of the CNPD's shortage of human resources (which had 27 collaborators in 2018), CNPD has increased exponentially the number of inspections carried out during 2018 (with an increase of around 80%) compared with the previous year. The total amount of the fines applied also increased, which shall reflect the impact of the fine in the amount of € 400,000.00 applied to the Hospital Center of Barreiro Montijo.
Concerning the administrative infraction proceedings opened during 2017, we note that:
600 cases resulted from complaints submitted by the data subjects;
643 cases resulted from participations made by the Portuguese police authorities; and
116 cases resulted from participations made by other entities (such as the Public Prosecutor's Office, ASAE and ACT).
We can therefore conclude that there are other Portuguese entities with supervisory powers that are alert to breaches of data protection legislation, informing the CNPD of non-compliance situations detected.
Although we are still waiting for the Portuguese law implementing the RGPD, it follows from the above figures that the CNPD is effectively carrying out its supervisory activity, and we will probably see in the coming months the results of the inspections carried out.