Article 3 GDPR. Territorial scope
Article 46 GDPR. Transfers subject to appropriate safeguards
1. In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
2. The appropriate safeguards referred to in paragraph 1 may be provided for, without requiring any specific authorisation from a supervisory authority, by:
[…]
(f) an approved certification mechanism pursuant to Article 42 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects’ rights.
[…]
ISO/IEC 27701, adopted in 2019, added a requirement that supplements ISO/IEC 27001, section 4.1.
Here is the paragraph relevant to Article 42 GDPR:
5.2.1 Understanding the organization and its context
The organization shall include among its interested parties (see ISO/IEC 27001:2013, 4.2), those parties having interests or responsibilities associated with the processing of PII, including the PII principals.
…