The General Data Protection Regulation ("GDPR") has sought, among other aspects, to strengthen and harmonize throughout the European Union a set of rules for the defense of the rights, freedoms and guarantees of the citizens with respect to the processing of their personal data and has also established multiple principles and obligations for the entities that collect and process such personal data.

The commitment to ensure privacy and to protect the personal data of its customers, employees, suppliers or other third parties has always been present in the EDP Group's strategy.

Nonetheless, with the implementation of a Specific Compliance Program from 2016 onwards, the existing procedures to evaluate and anticipate possible risks related to processing operations, and the respective mitigation measures, have been adjusted; employees' training and awareness action plans have been reinforced; and channels and teams dedicated to managing and responding to requests for the exercise of rights and to handling complaints have been made available.

Discover the EDP Group's Personal Data Protection Policy and learn more about how the EDP Group protects personal data and the privacy of its stakeholders here.


In accordance with this Policy, in the relationship with different data subjects, EDP Group entities provide information on the data processing carried out through specific privacy policies or specific data protection disclaimers. In these documents and according to the applicable legal requirements, the EDP Group entities include, among other aspects, the following information:

  • The contact details of the entity responsible for the data processing;
  • The contact details of the respective Data Protection Officer (DPO), through which the data subjects may exercise their rights in relation to the protection of personal data, request information or clarification about their data and lodge complaints.
  • The purposes for which they process the personal data and the legal basis for such processing.

    The personal data of Customers of EDP Group entities will not be used for purposes other than the performance of the contract with the Customer or what is necessary for compliance with legal obligations, unless their consent is collected or the processing is based on EDP's legitimate interests, always ensuring that these legitimate interests do not compromise the interests or fundamental rights and freedoms of Customers. Before using data for purposes grounded on consent or legitimate interests, EDP checks whether the Customer has given consent or objected to the processing.

     

[Figure: Use of Customers' personal data for secondary purposes based on Consent (as of April 2024)]

  • Whether the personal data is shared with other entities.
  • The retention periods for the personal data. 
  • The technical and organisational measures adopted.

Examples

  • EDP Comercial, a company operating in the free market, in Portugal, shares information about the company's data protection policy, regarding the use of information collected, customer rights and security procedures. See here.
  • The EDP Group also undertakes to manage the information in order to ensure the protection of the integrity and confidentiality of the supplier's affairs. See here.

Data Protection in Numbers

Within the scope of the data protection compliance program, the operationalization and monitoring of the response to the exercise of rights and complaints regarding data protection is ensured, as well as the monitoring of security incidents and potential situations of personal data breaches.

 

Customer complaints related to personal data protection

[Figure: data protection numbers]

Customers' personal data breaches notified to supervisory authorities and communicated to data subjects

(* pursuant to articles 33 and 34 of the GDPR)

[Figure: data breach numbers]

Learn more about Cyber and Information Security

For EDP, it is crucial that access to the network, IT systems and data is assured at all times. The main risks stem from technical failure, human error, malicious attacks, weather events, natural disasters or terrorist attacks. Managing such risks, including contingency plans, is crucial to ensuring business continuity.

Information Security Policy

Information is a strategic asset for EDP, providing additional advantages in terms of innovation, coordination with partners and quality of customer service. Click here

Information Security Incident Response Team (CSIRT EDP)

Within EDP's Security Operations Center, a security incident response team (CSIRT, Computer Security Incident Response Team) was created, which is responsible for identifying, analyzing and responding to incidents in this area.
CSIRT EDP has been part of the National CSIRT Network, coordinated by the National Cybersecurity Center, since 2011, and publishes its RFC 2350 here.

edp.com Terms and Conditions of Use and Privacy Policy

Information on how EDP processes personal data provided through the edp.com website. Click here

 

Good habits 

Ensure your security, the security of your online operations and the protection of your personal data. Learn how to protect yourself from fraudulent attacks.

Learn How to Identify

Emails and other fraudulent contacts

Emails are often used as a gateway for a hacker to access your computer. There are also other ways to get your personal data: by telephone or by SMS. Learn what to do.

Computer Security

Protect your computer

Learn how to protect the information on your computer and your data when you browse online.