
Article 27 GDPR. Representatives of controllers or processors not established in the Union

1. Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union.

2. The obligation laid down in paragraph 1 of this Article shall not apply to:

(a) processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or

(b) a public authority or body.

3. The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behaviour is monitored, are.

4. The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with this Regulation.

5. The designation of a representative by the controller or processor shall be without prejudice to legal actions which could be initiated against the controller or the processor themselves.

ISO 27701

ISO/IEC 27701, adopted in 2019, added a requirement additional to ISO/IEC 27002, section 6.1.1.

Here is the paragraph relevant to Article 27 GDPR:

6.3.1.1 Information security roles and responsibilities

Implementation guidance

The organization should designate a point of contact for use by the customer regarding the processing of PII. When the organization is a PII controller, designate a point of contact for PII principals regarding the processing of their PII (see 7.3.2).

The organization should appoint one or more persons responsible for developing, implementing, maintaining and monitoring an organization-wide governance and privacy program, to ensure compliance with all applicable laws and regulations regarding the processing of PII.



Recitals

(80) Where a controller or a processor not established in the Union is processing personal data of data subjects who are in the Union whose processing activities are related to the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union, or to the monitoring of their behaviour as far as their behaviour takes place within the Union, the controller or the processor should designate a representative, unless the processing is occasional, does not include processing, on a large scale, of special categories of personal data or the processing of personal data relating to criminal convictions and offences, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing or if the controller is a public authority or body. The representative should act on behalf of the controller or the processor and may be addressed by any supervisory authority. The representative should be explicitly designated by a written mandate of the controller or of the processor to act on its behalf with regard to its obligations under this Regulation. The designation of such a representative does not affect the responsibility or liability of the controller or of the processor under this Regulation. Such a representative should perform its tasks according to the mandate received from the controller or processor, including cooperating with the competent supervisory authorities with regard to any action taken to ensure compliance with this Regulation. The designated representative should be subject to enforcement proceedings in the event of non-compliance by the controller or processor.
