The European Union’s General Data Protection Regulation (GDPR) sets a common standard for protecting personal data across the EU. It also allows member nations some flexibility to create additional provisions and limitations. Some examples, which may impact HR teams, include the ability for EU member states to:
Portugal’s Law no. 58/2019 of 8 August implemented the GDPR in the country. Under this Law, employers can process personal employee data within the purposes and limits outlined in the Portuguese Labor Code.
There are some clauses within Law no. 58/2019 of 8 August that are inconsistent with GDPR standards and requirements. For example, Art. 28, Paragraph 3(a) states that employee consent is not considered to be a lawful ground to process employee data, even if the processing results in a legal or economic advantage to the employee. Due to these inconsistencies, Portugal’s data protection commission (Comissão Nacional de Proteção de Dados) issued a Deliberation (no. 2019/494 on 3rd September of 2019), stating that they will not apply certain sections of Portugal’s implementation law, including the above Article, as it’s incompatible with EU law.