Experts warn of the lack of preparation of companies to properly comply with the changes imposed by the diploma.
Six months have passed since the adoption of the new General Regulation on Data Protection and many Portuguese companies and organizations are not yet ready to comply with and respond to the changes introduced in the new diploma. The alert comes from F3M, specialist in the development and implementation of custom software.
According to Filipe Cruz, Training Manager, the situation reflects the decrease or total lack of concern of the entities for this matter, especially when the national legislation is still awaiting publication. Although the draft law based on European standards, adapted to the Portuguese reality was approved in March, it has not yet been published and is again being debated, which according to the expert leads to the negligence of companies to apply it.
The attitude of the State in not having yet published the diploma has been interpreted by the companies as a sign of "non-urgency" in the implementation of the RGPD, and to a decrease of the concern on the subject, register the F3M. "Many organizations have not even made progress, others have gone through mere declarations of consent, often poorly constructed, without any legal validity," says Filipe Cruz.
The expert points out that the non-compliance puts their companies at risk of being punished with a heavy fine, referring to some examples applied in France, Sweden and other points in Europe. The company states that, even though it has not been applied as national legislation, the RGPD is an existing standard that has to be complied with.
In the statement, the company says that in Portugal the National Data Protection Commission has begun to impose fines in the last six months due to improper use of personal data of customers. But by the end of the year the number will increase.