Three years have passed since the entry into force of the GDPR on May 25th, 2018, data privacy protection has been changed forever and its compliance today reflects the level of maturity of organizations. Speaking to IT Channel magazine, Martim Bouza Serrano, Partner and Head of the Technology, Media and Telecommunications department at CCA, looks back on the applicability of the Regulation in Portuguese companies in recent years.
"Regardless of how mature companies are with respect to confidentiality requirements and the investment made in this matter, it will be practically impossible to comply with the GDPR given the scope of the obligations, the complexity of the activities, and the need for constant monitoring and updating, until many companies (not just the Portuguese ones) are able to fully comply with the law", says the CCA Partner.
At the same time, explains Martim Bouza Serrano, "there are still gaps in the internalization and deeper adoption of confidentiality obligations, even because confidentiality is not a priority concern for most companies and compliance with the GDPR is addressed more as a formality. May 25th, 2018, when the GDPR became effective, was assumed by the vast majority of organizations as a point of arrival and not as a real starting point".