The General Data Protection Regulation came into force on 25 May 2018, establishing the mandatory appointment of a Data Protection Officer in public bodies.
Oeiras Valley spoke with the Data Protection Officer (DPO) of Oeiras, Rui Matias Várzea, who explained how the Municipality of Oeiras guarantees the protection and processing of the data of all the people of Oeiras.
The DPO is in charge of all matters relating to the protection of personal data under the General Data Protection Regulation (GDPR) and the national implementing law.
The DPO is in charge of informing and advising the Municipality on its obligations under data protection law; monitoring the compliance of processing with applicable legislation and with the organisation’s policies; ensuring audits are carried out; being the point of contact with the National Data Protection Commission (CNPD) on issues related to processing.
The GDPR, however, only applies when we are dealing with data considered personal, i.e. information relating to an identified or identifiable natural person (data subject), such as, for example, name, an identification number, location details, etc.
In the case of the Municipality of Oeiras, the purposes of the personal data are diverse, since municipalities have attributions in various fields, including education, health, social action, leisure and sports, housing, among others.
To make this possible, the Municipality stores personal data on servers that are located in the municipality’s internal data centres, in a secure environment, protected from unauthorised access. In addition, the Municipality adopts the necessary and adequate technical and organisational procedures to guarantee the security of personal data and prevent their loss, misuse or improper access.
In late 2018, with the entry into force of the GDPR, an action plan of initiatives was outlined in order to leverage the Municipality’s data protection programme.
Since then, the registration of all processing activities has been ensured, with the aim of keeping a detailed record of the movement of data throughout its life cycle, from collection to elimination, through use, storage and disclosure.
Regarding the management of the relationship with third parties and contractual clauses, all contracts were reviewed in the light of the GDPR, ensuring the alignment of the clauses with the requirements of the new regulation. A model for conducting data protection impact assessments has also been defined.
The Municipality of Oeiras has given permanent support to the organic units in the adaptation of processes and procedures in order to adapt them to comply with the GDPR, as well as providing various training initiatives in e-learning.
Now that you know all about the GDPR, you should also know that you can email the DPO’s email address (firstname.lastname@example.org) whenever you want to clarify your rights. The Municipality of Oeiras respects the confidentiality of personal data and guarantees the exercise of the rights of the data subjects.