The General Data Protection Regulation (GDPR) has been applicable in the European Union since 2018, having introduced several changes in terms of the protection of personal data.

Companies and citizens had to adjust to the new applicable regulation, under penalty of being charged heavy fines, which can reach 20 million euros or, in the case of companies, up to 4% of their annual global turnover, depending on the whichever is higher.

However, some practical questions are frequently asked, such as those related to the confluence between the right to portability and the right to erase personal data.

When the right to portability is exercised, is it necessary to also request the deletion of data? Or is the data deleted automatically?

It is also discussed, regarding the right to portability, the transfer of data related to personal preferences that are obtained and registered by means of algorithms, for example.

As for the transfer of personal data to companies residing in third countries without an adequate level of protection, we refer to the recent decision of the National Data Protection Commission (CNPD) under the 2021 Census, which is based on the so-called Schrems II Decision of the Court of Justice of the European Union (CJEU).

With interest to companies and citizens, we have tried to clarify some practical data protection issues.

To access the full article, download the PDF below.