Člen 3 SUVP (GDPR). Ozemeljska veljavnost
Article 3 GDPR. Territorial scope
Člen 46 SUVP (GDPR). Prenosi, za katere se uporabljajo ustrezni zaščitni ukrepi
Article 46 GDPR. Transfers subject to appropriate safeguards
1. Kadar sklep v skladu s členom 45(3) ni sprejet, lahko upravljavec ali obdelovalec osebne podatke prenese v tretjo državo ali mednarodno organizacijo le, če je upravljavec ali obdelovalec predvidel ustrezne zaščitne ukrepe, in pod pogojem, da imajo posamezniki, na katere se nanašajo osebni podatki, na voljo izvršljive pravice in učinkovita pravna sredstva.
1. In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
2. Ustrezni zaščitni ukrepi iz odstavka 1 se lahko, ne da bi bilo potrebno posebno dovoljenje nadzornih organov, zagotovijo s:
2. The appropriate safeguards referred to in paragraph 1 may be provided for, without requiring any specific authorisation from a supervisory authority, by:
[…]
[…]
(f) odobrenim mehanizmom potrjevanja v skladu s členom 42, skupaj z zavezujočimi in izvršljivimi zavezami upravljavca ali obdelovalca v tretji državi, da bo uporabljal ustrezne zaščitne ukrepe, tudi glede pravic posameznikov, na katere se nanašajo osebni podatki.
(f) an approved certification mechanism pursuant to Article 42 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects’ rights.
[…]
[…]
(EN) ISO/IEC 27701, adopted in 2019, added a requirement additional to ISO/IEC 27001, section 4.1.
Here is the relevant paragraph to article 42 GDPR:
5.2.1 Understanding the organization and its context
The organization shall include among its interested parties (see ISO/IEC 27001:2013, 4.2), those parties having interests or responsibilities associated with the processing of PII, including the PII principals.
…
Logi sisse
terviktekstile juurdepääsuks