Article 3 GDPR. Territorial scope
[…]
2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.
[…]
ISO/IEC 27701, adopted in 2019, adds a requirement to ISO/IEC 27002, section 6.1.1.
Here is the paragraph relevant to Article 27 GDPR:
6.3.1.1 Information security roles and responsibilities
Implementation guidance
The organization should designate a point of contact for use by the customer regarding the processing of PII. When the organization is a PII controller, designate a point of contact for PII principals regarding the processing of their PII (see 7.3.2).
The organization should appoint one or more persons responsible for developing, implementing, maintaining and monitoring an organization-wide governance and privacy program, to ensure compliance with all applicable laws and regulations regarding the processing of PII.
[…]