The Portuguese Data Protection Authority (the "PDPA") has recently published Plano de Atividades CNPD 2016, its plan of activities for 2016 (the "Plan") in which it defines its priorities and operations in the near future. Particular emphasis will be given to: (i) preparation for transition to the GDPR; and (ii) enforcement actions, mainly regarding data processing operations in the public sector and unsolicited marketing communications carried out by companies. The PDPA intends to play an active role in the elaboration of the legislation needed to effect the transition to the GDPR, namely by delivering its opinion on the implementing measures of the GDPR.

In addition, the PDPA intends to analyse and intervene in specific areas of interest, such as (i) identity theft; (ii) the processing of personal data for administrative transparency purposes, particularly in connection to the Internet; and (iii) the impact of Internet of Things on citizens’ privacy.

Also notable is the PDPA’s guidance regarding conditions in which call recording is admissible. It states that admissibility will be reviewed in light of the needs revealed by practice, particularly in respect of the periods of data retention.

The PDPA also wishes to collaborate with various educational institutions and to intensify its participation in the relevant international forums and discussion panels, especially in countries that, for historical reasons, maintain a closer relationship with the Portuguese culture.

A copy of the Plan is available here (Portuguese).

Article submitted by Inês Antas de Barros and Maria de Lurdes Gonçalves of Vieira de Almeida & Associados, Sociedade de Advogados, R.L – Lisbon, Portugal in partnership with DAC Beachcroft LLP