The new General Data Protection Regulation ("GDPR") has sought, among other aspects, to strengthen and harmonize throughout the European Union a set of rules for the defense of the rights, freedoms and guarantees of the citizens with respect to the processing of their personal data and has also established multiple principles and obligations for the entities that collect and process such personal data.
Despite the continuous EDP Group's commitment to ensure privacy and to protect the personal data of its customers, employees, suppliers or other third parties, with the beginning of the applicability of the GDPR, the procedures to evaluate and anticipate possible risks related to the processing operations and the respective mitigation measures have been adjusted, complemented with specific training and awareness actions and with the implementation of dedicated channels and teams to manage requests for the exercise of rights and to handle complaints.
Learn more about how EDP Group protects personal data of its multiple stakeholders.
In the relationship with these stakeholders (customers, employees, suppliers, etc.), the data subjects, EDP provides information on the data processing carried out through specific privacy policies or data protection disclaimers. According to the legal requirements, in these documents, the EDP Group entities include, among other aspects, the following information:
- The contact details of the entity responsible for the data processing;
- The contact details of the respective Data Protection Officer (DPO), through which the data subjects may exercise their rights in relation to the protection of personal data, request information or clarification about their data and lodge complaints.
- The purposes for which they process the personal data and the legal basis for such processing. If data is used for secondary purposes, all the data subjects are also informed about these secondary purposes.
- Whether the personal data is shared with other entities.
- The retention periods for the personal data.
- The technical and organisational measures adopted.
- EDP Comercial, a company operating in the free market, in Portugal, shares information about the company's data protection policy, regarding the use of information collected, customer rights and security procedures. See here.
- The EDP Group also undertakes to manage the information in order to ensure the protection of the integrity and confidentiality of the supplier's affairs. See here.
Data Protection in Numbers
Within the scope of the data protection compliance program, the operationalization and monitoring of the response to the exercise of rights and complaints regarding data protection is ensured, as well as the monitoring of security incidents and potential situations of personal data breaches.
Customer complaints related to personal data protection
Costumers personal data breaches notified to supervisory authorities and communicated to data subjects
(* pursuant to articles 33 and 34 of the GDPR)
Know more about Cyber and Information Security
For EDP, it is crucial that access to network, IT systems and data is assured at all times. The main risks stem from technical failure, human error, malicious attacks, weather events, natural disasters or terrorist attacks. Managing such risks, including contingency plans, is crucial to ensuring business continuity.
Information Security Policy
Information is a strategic asset for EDP, providing additional advantages in terms of innovation, coordination with partners and quality of customer service. Click here.
Information Security Incident Response Team (CSIRT EDP)
In the context of the Security Operations Center EDP, a security incident response team (CSIRT - Computer Security Incident Response Team) was created, which is responsible for identifying, analyzing and responding to incidents in this area.
CSIRT EDP has been part of the National CSIRT Network since 2011, coordinated by the National Cybersecurity Center, publishing here its RFC 2350.
Information on how EDP processes personal data provided through the edp.com website. Click here.
Ensure your security, the security of your online operations and the protection of your personal data. Learn how to protect yourself from fraudulent attacks.
Learn How to Identify
Emails and other fraudulent contacts
Emails are often used as a gateway for a hacker to access your computer. There are also other ways to get your personal data: by telephone or by SMS. Learn what to do.
Protect your computer
Learn how to protect the information on your computer and your data when you browse online.