plataformargpd.pt
PTEN

The Data Protection Programme

The records and procedures that make compliance demonstrable.

Compliance is demonstrated with records and procedures, not with statements. The data protection programme brings together the elements that, before the CNPD or a data subject, prove the organisation complies — and it is common to all layers of the ecosystem.

Records of Processing Activities

The Article 30 register: purposes, categories of data and data subjects, recipients, transfers and retention periods — the backbone of accountability.

Lawful Bases

The identification and documentation of the lawful basis for each processing operation, under Articles 6 and 9, including consent management where applicable.

Impact Assessments (DPIA)

The assessment of high-risk processing and the management of residual risk, under Article 35.

Processor Agreements

The Article 28 contracts governing processors, with the required guarantees and instructions.

Security of Processing

The technical and organisational measures appropriate to the risk, under Article 32, in articulation with cybersecurity.

Breach Management

The procedure for personal data breaches: the 72-hour notification and the communication to data subjects, under Articles 33 and 34.

International Transfers

The lawful framework for transfers to third countries, under Chapter V — adequacy decisions, standard contractual clauses and supplementary measures.

Data Subject Rights

The procedures that guarantee the exercise of rights under Chapter III, within the legal time limits.

We use essential cookies and, with your consent, analytics cookies. See our Cookie Policy.