Portugal finally implemented the GDPR in late August 2019, among the last E.U. Member States to do so. One month later, however, the Portuguese Data Protection Authority stated that it considered some of the provisions of the implementing law inconsistent with the GDPR and the Portuguese constitution. In a guest article, Ana Monteiro, head of the regulatory practice at Caetano de Freitas & Associados in Lisbon, describes the problematic provisions. For our previous discussion of the law with Monteiro, see “Examining Portugal’s GDPR Implementation Statute” (Aug. 21, 2019).