Blog

Today marks Data Protection Day, an important occasion established in 2006 by the Council of Europe with the aim of raising citizens' awareness about the importance of protecting their privacy and personal data. This date was chosen to commemorate Convention 108 of the Council of Europe, signed precisely on January 28, 1981, which was the first international legal instrument concerning the processing of personal data.

This day provides an opportunity to reflect on the crucial role of privacy and personal data in the digital world, highlighting their increasing relevance in recent years.

As a Trainee Lawyer who closely follows the challenges associated with data protection, it is undeniable that the General Data Protection Regulation (GDPR), which came into effect in May 2018, has profoundly transformed the legal landscape and data processing practices in the European Union and, consequently, worldwide. This regulation established a rights-centered approach to data protection, assigning responsibilities to those who handle such information.

The GDPR introduced a set of fundamental principles, such as transparency, data minimization, lawfulness, and security. Additionally, it reinforced citizens' rights, including the right to access, rectification, and erasure, among others. These principles and rights are based on the premise that control over personal data should ultimately rest with their owners.

For organizations, including entities like .PT, the GDPR imposed a set of strict obligations. For instance, appointing a Data Protection Officer (DPO), conducting Data Protection Impact Assessments (DPIA), or the obligation to report personal data breaches within 72 hours are not merely legal formalities but duties that these entities must fulfill.

In legal practice, it is evident that the challenges related to these topics are becoming increasingly complex. The rapid evolution of new technologies, particularly in relation to Artificial Intelligence, raises new and diverse issues, many of which are highly sensitive and significantly impact the protection of personal data.

Additionally, organizations face daily challenges concerning cybersecurity and the protection of personal data. For example, the number of registered personal data breaches has been growing exponentially, as evidenced by the figures in the latest report by the Portuguese Data Protection Authority (CNPD) for 2023. In such cases, the DPO plays a crucial legal role, providing opinions and overseeing the entire process.

This day serves as a reminder of the progress made over recent years, reinforcing citizens' awareness of the importance of how their personal data is handled, which should be done with constant care. Ultimately, this is also a matter of human rights, as safeguarding the dignity and freedom of citizens becomes essential in an increasingly interconnected world. Protecting personal data is, at its core, about protecting people, and this is also the most important work of a lawyer.