第 16 條 GDPR. 更正權
Article 16 GDPR. Right to rectification
資料主體應有權使控管者更正其不正確之個人資料,不得無故拖延。 考量到處理之目的,資料主體應有權完整化其有欠缺之個人資料,包 括以提供補充說明之方式。
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
第 17 條 GDPR. 刪除權(「被遺忘權」)
Article 17 GDPR. Right to erasure (‘right to be forgotten’)
1. 有下列情事者,資料主體應有權使控管者刪除其個人資料,不得 無故拖延,且控管者應有義務刪除該個人資料,不得無故拖延:
1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
[…]
[…]
第 18 條 GDPR. 限制處理權
Article 18 GDPR. Right to restriction of processing
1. 於下列情事者,資料主體應有權限制控管者之處理:
1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
(a) 資料主體質疑其個人資料之正確性,而給予控管者驗證該個人資 料正確性之期間;
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) 處理係違法的,且資料主體拒絕刪除該個人資料並要求限制其使 用者;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) 控管者就其處理之目的不再需要該個人資料,但該個人資料為資 料主體建立、行使或防禦法律上請求所必須者;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) 資料主體已依照第 21 條第 1 項拒絕該處理,而在等待確認控管 者是否具有優先於資料主體權益之正當理由;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
2. 處理依據第一項被限制時,該個人資料,除儲存外,應僅限基於 資料主體之同意、或為建立、行使或防禦法律上請求、或為保護他人 或法人之權利、或基於歐盟法或會員國法律所定重要公共利益之理由,始得處理。
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. 資料主體依第一項規定已限制處理者,控管者於取消處理限制前, 應通知資料主體。
3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
(EN) Article 19 includes a notification obligation, which should not be confused with the specific personal data breach notification obligation (article 33). It is a mechanism that gives full effect to other provisions of the General Data Protection Regulation, ensuring that third parties are informed about actions taken by the controller regarding personal data (recital 66).
…
Σύνδεση
για πρόσβαση στο πλήρες κείμενο