EU Legal Order · dataprotectionofficers.eu
dataprotectionofficers.eu

EU Legal Order

The regimes that frame the practice of data protection.

The practice of the Data Protection Officer rests on a dense but coherent body of rules, whose centre is the General Data Protection Regulation and, in Portugal, Law 58/2019 ensuring its execution. To that core are added the regimes that intersect with it — from electronic communications to artificial intelligence and cybersecurity.

The key EU data instruments that frame the practice of the DPO, and their national transposition.

AreaEU instrumentNational transposition
Data ProtectionGDPR — Regulation (EU) 2016/679National laws (PT 58/2019, ES LOPDGDD, DE BDSG)
DPO — designation and positionGDPR, Arts. 37–39National specifications (PT Law 58/2019, Arts. 9–13)
ePrivacyDirective 2002/58/ECNational transposition (PT Law 41/2004)
Law-enforcement dataDirective (EU) 2016/680National transposition (PT Law 59/2019)
Artificial IntelligenceAI Act — Regulation (EU) 2024/1689Directly applicable
Data GovernanceData Governance Act — Regulation (EU) 2022/868Directly applicable
Data ActData Act — Regulation (EU) 2023/2854Directly applicable
Cybersecurity (interface)NIS2 — Directive (EU) 2022/2555National (PT Decree-Law 125/2025)

We use essential cookies and, with your consent, analytics cookies. See our Cookie Policy.