Who is the Data Protection Authority in Portugal?

The Data Protection Authority in Portugal is the Comissão Nacional de Proteção de Dados (CNPD). You can reach them at https://www.cnpd.pt/

How can I check if my Portugal website is GDPR compliant?

You can use PrivacyChecker's free GDPR scanner to instantly audit your website. It checks cookie consent, privacy policy, security headers, and 25+ compliance points relevant to Portugal's data protection requirements.

PrivacyChecker

🇵🇹

GDPR Compliance in Portugal

Lei de Execução do RGPD (Lei n.º 58/2019)

TL;DR

Websites targeting users in Portugal must comply with GDPR as implemented locally through the Lei de Execução do RGPD (Lei n.º 58/2019). The supervisory authority is the Comissão Nacional de Proteção de Dados (CNPD). Use our free scanner below to check your website instantly.

Check your website's Portugal compliance now

Free audit — 25+ automated checks in 60 seconds

Scan My Website Free →

Data Protection Authority

Authority

Comissão Nacional de Proteção de Dados (CNPD)

Website

www.cnpd.pt ↗

Local Law

Lei de Execução do RGPD (Lei n.º 58/2019)

Language

Portuguese

Population

10.3 million

Key Requirements for Portugal

Cookie consent must be explicit and granular

Portuguese-language privacy policy recommended

DPO mandatory for public bodies and certain private organizations

Special protections for genetic and biometric data

Mandatory data breach notification to CNPD

Employee consent generally not considered freely given

What Makes Portugal Different?

Portugal's CNPD has been particularly strict on video surveillance and biometric data processing. They also issued guidance warning against reliance on consent for employment data processing.

Portugal Website Compliance Checklist

☐

Cookie consent banner that requires opt-in before non-essential cookies

☐

Clear identification of data controller and contact details

☐

Data Processing Agreement (DPA) with all third-party processors

☐

Lawful basis documented for each processing activity

☐

Data Subject Access Request (DSAR) process in place

☐

Data breach notification procedure compliant with 72-hour rule

☐

Data Protection Impact Assessment for high-risk processing

☐

International data transfer mechanisms documented (SCCs, adequacy decisions)

☐

Records of processing activities (ROPA) maintained

Frequently Asked Questions

What are the GDPR requirements for websites in Portugal?

In Portugal, websites must comply with GDPR as implemented by the Lei de Execução do RGPD (Lei n.º 58/2019). Key requirements include obtaining explicit consent before setting non-essential cookies, providing a clear privacy policy, appointing a DPO when required, and notifying data breaches within 72 hours to the Comissão Nacional de Proteção de Dados (CNPD).

Who enforces GDPR in Portugal?

The Comissão Nacional de Proteção de Dados (CNPD) is the supervisory authority responsible for enforcing data protection laws in Portugal. They can investigate complaints, conduct audits, and issue fines up to €20 million or 4% of annual global turnover.

How can I check if my website complies with Portugal data protection laws?

Use PrivacyChecker's free scanner to perform an instant audit of your website. Our tool checks 25+ compliance points including cookie consent, privacy policy presence, security headers, tracker detection, and more — all relevant to Portugal's GDPR requirements.

Is your website compliant in Portugal?

Find out in 60 seconds with our free GDPR scanner

Run Free Audit →

GDPR Compliance in Other Countries

🇩🇪Germany 🇫🇷France 🇳🇱Netherlands 🇪🇸Spain 🇮🇹Italy 🇧🇪Belgium 🇦🇹Austria 🇵🇱Poland