The new General Data Protection Regulation ("GDPR") has sought, among other aspects, to strengthen and harmonize throughout the European Union a set of rules for the defense of the rights, freedoms and guarantees of the citizens with respect to the processing of their personal data and has also established multiple principles and obligations for the entities that collect and process such personal data.

Despite the continuous EDP Group's commitment to ensure privacy and to protect the personal data of its customers, employees, suppliers or other third parties, with the beginning of the applicability of the GDPR, the procedures to evaluate and anticipate possible risks related to the processing operations and the respective mitigation measures have been adjusted, complemented with specific training and awareness actions and with the implementation of dedicated channels and teams to manage requests for the exercise of rights and to handle complaints.   

Learn more about how EDP Group protects personal data of its multiple stakeholders.

In the relationship with these stakeholders (customers, employees, suppliers, etc.), the data subjects, EDP provides information on the data processing carried out through specific privacy policies or data protection disclaimers. According to the legal requirements, in these documents, the EDP Group entities include, among other aspects, the following information:

  • The contact details of the entity responsible for the data processing;
  • The contact details of the respective Data Protection Officer (DPO), through which the data subjects may exercise their rights in relation to the protection of personal data, request information or clarification about their data and lodge complaints.
  • The purposes for which they process the personal data and the legal basis for such processing. If data is used for secondary purposes, all the data subjects are also informed about these secondary purposes.
  • Whether the personal data is shared with other entities.
  • The retention periods for the personal data. 
  • The technical and organisational measures adopted.


  • EDP Comercial, a company operating in the free market, in Portugal, shares information about the company's data protection policy, regarding the use of information collected, customer rights and security procedures. See here.
  • The EDP Group also undertakes to manage the information in order to ensure the protection of the integrity and confidentiality of the supplier's affairs. See here.

Data Protection in Numbers

Within the scope of the data protection compliance program, the operationalization and monitoring of the response to the exercise of rights and complaints regarding data protection is ensured, as well as the monitoring of security incidents and potential situations of personal data breaches.


Customer complaints related to personal data protection

data protection numbers
data protection numbers

Costumers personal data breaches notified to supervisory authorities and communicated to data subjects

(* pursuant to articles 33 and 34 of the GDPR)

data breach numbers
data breach numbers

Know more about Cyber and Information Security

For EDP, it is crucial that access to network, IT systems and data is assured at all times. The main risks stem from technical failure, human error, malicious attacks, weather events, natural disasters or terrorist attacks. Managing such risks, including contingency plans, is crucial to ensuring business continuity. 

Information Security Policy

Information is a strategic asset for EDP, providing additional advantages in terms of innovation, coordination with partners and quality of customer service. Click here

Information Security Incident Response Team (CSIRT EDP)

In the context of the Security Operations Center EDP, a security incident response team (CSIRT - Computer Security Incident Response Team) was created, which is responsible for identifying, analyzing and responding to incidents in this area.
CSIRT EDP has been part of the National CSIRT Network since 2011, coordinated by the National Cybersecurity Center, publishing here its RFC 2350. Terms and Conditions of Use and Privacy Policy

Information on how EDP processes personal data provided through the website. Click here


Good habits 

Ensure your security, the security of your online operations and the protection of your personal data. Learn how to protect yourself from fraudulent attacks.

Learn How to Identify

Emails and other fraudulent contacts

Emails are often used as a gateway for a hacker to access your computer. There are also other ways to get your personal data: by telephone or by SMS. Learn what to do.

Computer Security

Protect your computer

Learn how to protect the information on your computer and your data when you browse online.