Data protection issues have traditionally been relegated by Portuguese companies to the bottom of their priority list, but stricter enforcement and harsher penalties are leading many to see the need for much greater awareness, says Rui Simões of Lisbon’s Sérvulo & Associados.
Tradicionalmente, las cuestionas relativas a la protección de datos han quedado relegadas al final de la lista de prioridades de las empresas portuguesas; sin embargo, el endurecimiento del control y de las sanciones está llevando a muchos a aceptar la necesidad de prestar más atención a estos temas, dice Rui Simões, de Sérvulo & Associados en Lisboa.
“We used to see only the bigger, often multinational, companies pay attention to these issues. Their stronger compliance culture explained a greater interest that really had no comparison in smaller, Portuguese-based companies.”
However, he reports a significant change in this scenario. Not only are the bigger corporations now handling data protection issues with greater care, but smaller companies are also now recognising the importance of privacy issues. Such a change is the result of two different factors, says Simões.
The first affects the largest national and multinational companies who recognise that in recent months, several regulatory authorities have applied heavy sanctions to corporations infringing their customers’ privacy. We have seen this in the UK and in Spain, and it is highly likely that Portugal will follow.
The second factor is the greater exposure of ordinary lines of business to privacy risks. “In addition to new tools that bring clear privacy threats, like video surveillance or GPS monitoring, the emergence of cloud computing is bringing privacy issues to areas that traditionally were considered as presenting a relatively low risk: by relocating customer or employees data in geographically disperse centres, companies are increasingly facing difficulties.”
Among larger corporations, he notes the increasing importance of privacy and data protection issues to IT directors when contemplating cloud computing projects. “But providers of global online services are also under intense pressure to ensure compliance with privacy regulations, with increasingly complex issues now arising and new national directions and limitations being set out.”
For smaller companies, without the resources or awareness of international developments, a starting point may however be establishing simple methodologies, like simple yes/no questionnaires. “The difficulties facing smaller companies in assessing compliance with privacy regulations has led to focus on the identification of the most common risks – in both the way they do business and undertake new transactions, including in due diligence projects.”