Airteagal 46 RGCS (GDPR). Aistrithe faoi réir coimircí iomchuí
Article 46 GDPR. Transfers subject to appropriate safeguards
Airteagal 47 RGCS (GDPR). Rialacha ceangailteacha corporáideacha
Article 47 GDPR. Binding corporate rules
Airteagal 49 RGCS (GDPR). Maoluithe i gcásanna sonracha
Article 49 GDPR. Derogations for specific situations
1. In éagmais cinneadh leordhóthanachta de bhun Airteagal 45(3), nó in éagmais coimircí iomchuí de bhun Airteagal 46, lena n-áirítear rialacha ceangailteacha corparáideacha, ní dhéanfar aistriú sonraí pearsanta ná sraith d’aistrithe sonraí pearsanta chuig tríú tír ná chuig eagraíocht idirnáisiúnta ach amháin ar cheann amháin de na coinníollacha seo a leanas:
1. In the absence of an adequacy decision pursuant to Article 45(3), or of appropriate safeguards pursuant to Article 46, including binding corporate rules, a transfer or a set of transfers of personal data to a third country or an international organisation shall take place only on one of the following conditions:
[…]
[…]
I gcás nach bhféadfaí aistriú a bhunú ar fhoráil in Airteagal 45 nó in Airteagal 46, lena n-áirítear forálacha rialacha ceangailteacha corparáideacha, agus nach bhfuil aon cheann de na maoluithe do chásanna sonracha dá dtagraítear sa chéad fhomhír den mhír seo infheidhme mura aistriú atarlaitheach é, mura mbaineann sé ach le líon teoranta ábhar sonraí, más gá é chun críocha na leasanna dlisteanacha tathantacha atá á saothrú ag an rialaitheoir agus nach bhfuil sáraíocht ag leasanna, cearta nó saoirsí bunúsacha an ábhair sonraí orthu, agus measúnú déanta ag an rialaitheoir ar na himthosca ar fad a bhaineann le haistriú na sonraí pearsanta agus, ar bhonn an mheasúnaithe sin go bhfuil coimircí oiriúnacha soláthraithe aige i ndáil le cosaint sonraí pearsanta. Maidir le pointe (h) den chéad fhomhír, cuirfidh an rialaitheoir an t-údarás maoirseachta ar an eolas faoin aistriú. Chomh maith leis an fhaisnéis dá dtagraítear in Airteagal 13 agus Airteagal 14, cuirfidh an rialaitheoir an t-ábhar sonraí ar an eolas maidir leis an aistriú agus maidir leis na leasanna dlisteanacha tathantacha atá á saothrú
Where a transfer could not be based on a provision in Article 45 or 46, including the provisions on binding corporate rules, and none of the derogations for a specific situation referred to in the first subparagraph of this paragraph is applicable, a transfer to a third country or an international organisation may take place only if the transfer is not repetitive, concerns only a limited number of data subjects, is necessary for the purposes of compelling legitimate interests pursued by the controller which are not overridden by the interests or rights and freedoms of the data subject, and the controller has assessed all the circumstances surrounding the data transfer and has on the basis of that assessment provided suitable safeguards with regard to the protection of personal data. The controller shall inform the supervisory authority of the transfer. The controller shall, in addition to providing the information referred to in Articles 13 and 14, inform the data subject of the transfer and on the compelling legitimate interests pursued.
[…]
[…]
(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.
Here is the relevant paragraph to article 14(2)(a) GDPR:
7.4.7 Retention
Control
The organization should not retain PII for longer than is necessary for the purposes for which the PII is processed.
Implementation guidance
The organization should develop and maintain retention schedules for information it retains, taking into account the requirement to retain PII for no longer than is necessary.
…
Logi sisse
terviktekstile juurdepääsuks