... 5. Cuirfidh Cathaoirleach an Bhoird an cinneadh dá dtagraítear i mír 1 in iúl do na húdaráis mhaoirseachta lena mbaineann gan aon mhoill mhíchuí. Cuirfidh sé an Coimisiún ar an eolas ina thaobh sin. Foilseofar an cinneadh gan mhoill ar shuíomh gréasáin an Bhoird tar éis don údarás maoirseachta fógra a thabhairt faoin gcinneadh críochnaitheach dá dtagraítear i mír 6. ...
... 5. The Chair of the Board shall notify, without undue delay, the decision referred to in paragraph 1 to the supervisory authorities concerned. It shall inform the Commission thereof. The decision shall be published on the website of the Board without delay after the supervisory authority has notified the final decision referred to in paragraph 6. ...
... 6. Glacfaidh an príomhúdarás maoirseachta, nó, de réir mar a bheidh, an t-údarás maoirseachta ar taisceadh an gearán leis cinneadh críochnaitheach ar bhonn an chinnidh dá dtagraítear i mír 1 den Airteagal seo, gan aon mhoill mhíchuí agus tráth nach déanaí ná aon mhí amháin tar éis don Bhord fógra a thabhairt maidir lena chinneadh. Déanfaidh an príomhúdarás maoirseachta, nó, de réir mar a bheidh, an t-údarás maoirseachta ar taisceadh an gearán leis, an Bord a chur ar an eolas faoin dáta a gcuirfear fógra faoina chinneadh críochnaitheach chuig an rialaitheoir nó chuig an bpróiseálaí agus chuig an ábhar sonraí, faoi seach. Glacfar cinneadh críochnaitheach na n-údarás maoirseachta lena mbaineann faoi théarmaí Airteagal 60(7), (8) agus (9). Tagrófar sa chinneadh críochnaitheach don chinneadh dá dtagraítear i mír 1, agus sonrófar ann go ndéanfar an cinneadh dá dtagraítear i mír 1 den Airteagal seo a fhoilsiú ar shuíomh gréasáin an Bhoird i gcomhréir le mír 5 den Airteagal seo. Ceanglófar leis an gcinneadh críochnaitheach an cinneadh dá dtagraítear i mír 1 den Airteagal seo. ...
... 6. The lead supervisory authority or, as the case may be, the supervisory authority with which the complaint has been lodged shall adopt its final decision on the basis of the decision referred to in paragraph 1 of this Article, without undue delay and at the latest by one month after the Board has notified its decision. The lead supervisory authority or, as the case may be, the supervisory authority with which the complaint has been lodged, shall inform the Board of the date when its final decision is notified respectively to the controller or the processor and to the data subject. The final decision of the supervisory authorities concerned shall be adopted under the terms of Article 60(7), (8) and (9). The final decision shall refer to the decision referred to in paragraph 1 of this Article and shall specify that the decision referred to in that paragraph will be published on the website of the Board in accordance with paragraph 5 of this Article. The final decision shall attach the decision referred to in paragraph 1 of this Article. ...
... 8. Déanfaidh an Coimisiún liosta a fhoilsiú, in Iris Oifigiúil an Aontais Eorpaigh agus ar a shuíomh gréasáin, de na tríú tíortha, de na críocha agus de na hearnálacha sonraithe i dtríú tír agus de na heagraíochtaí idirnáisiúnta ar chinn an Coimisiún ina leith go raibh nó nach raibh a leibhéil chosanta leormhaith. ...
... 8. The Commission shall publish in the Official Journal of the European Union and on its website a list of the third countries, territories and specified sectors within a third country and international organisations for which it has decided that an adequate level of protection is or is no longer ensured. ...
... (58) Ceanglaítear le prionsabal na trédhearcachta gur cheart é a bheith éasca rochtain a fháil ar aon fhaisnéis atá dírithe ar an bpobal nó ar an ábhar sonraí, gur cheart don fhaisnéis sin a bheith gonta agus éasca a thuiscint agus gur cheart í a bheith i dteanga shoiléir shimplí agus, sa bhreis air sin, gur cheart úsáid a bhaint as léirshamhlú, i gcás inarb ábhartha. D'fhéadfaí faisnéis den sórt sin a chur ar fáil i bhfoirm leictreonach, mar shampla, agus í dírithe ar an bpobal, trí shuíomh gréasáin. Tá ábharthacht ar leith ag baint leis sin i staideanna ina bhfágann iomadú na ngníomhaithe agus castacht theicneolaíoch an chleachtais nach éasca don ábhar sonraí a bheith ar an eolas faoi cibé an bhfuil sonraí pearsanta a bhaineann leis nó léi á mbailiú, faoi cé atá á mbailiú agus faoi cad chuige a bhfuil siad á mbailiú, agus nach éasca dó nó di an méid sin a thuiscint, amhail i gcás fógraíocht ar líne. Toisc go bhfuil cosaint ar leith dlite do leanaí, ba cheart aon fhaisnéis agus cumarsáid maidir le próiseáil a bhaineann le leanbh a thabhairt i dteanga shoiléir shimplí le go bhféadfaidh an leanbh í a thuiscint go héasca. ...
... (58) The principle of transparency requires that any information addressed to the public or to the data subject be concise, easily accessible and easy to understand, and that clear and plain language and, additionally, where appropriate, visualisation be used. Such information could be provided in electronic form, for example, when addressed to the public, through a website. This is of particular relevance in situations where the proliferation of actors and the technological complexity of practice make it difficult for the data subject to know and understand whether, by whom and for what purpose personal data relating to him or her are being collected, such as in the case of online advertising. Given that children merit specific protection, any information and communication, where processing is addressed to a child, should be in such a clear and plain language that the child can easily understand. ...
... (143) Tá an ceart ag aon duine nádúrtha nó dlítheanach caingean a thionscnamh chun cinntí de chuid an Bhoird a neamhniú os comhair na Cúirt Breithiúnais faoi na coinníollacha dá bhforáiltear in Airteagal 263 CFAE. Mar sheolaithe cinntí den sórt sin, ní mór do na húdaráis mhaoirseachta lena mbaineann, ar mian leo agóid a dhéanamh in aghaidh na gcinntí, caingean a thionscnamh laistigh de dhá mhí tar éis fógra a fháil fúthu, i gcomhréir le hAirteagal 263 CFAE. I gcás chinntí an Bhoird a bhfuil baint dhíreach phearsanta acu le rialaitheoir, próiseálaí nó an gearánach, féadfaidh an gearánach sin caingean a thionscnamh le haghaidh neamhniú i gcoinne na gcinntí sin agus ba cheart dóibh amhlaidh a dhéanamh laistigh de dhá mhí tar éis a fhoilsithe ar shuíomh gréasáin an Bhoird, i gcomhréir le hAirteagal 263 CFAE. Gan dochar don cheart sin faoi Airteagal 263 CFAE, ba cheart leigheas éifeachtach breithiúnach a bheith ag gach duine nádúrtha nó dlítheanach os comhair na cúirte náisiúnta inniúla in aghaidh cinneadh ó údarás maoirseachta a bhfuil éifeachtaí dlíthiúla aige a bhaineann leis an duine sin. Baineann cinneadh den sórt sin go háirithe le feidhmiú cumhachtaí imscrúdaitheacha, ceartaitheacha agus údaraithe ag an údarás maoirseachta nó le gearáin a dhíbhe nó a dhiúltú. Mar sin féin, ní chuimsítear leis an gceart an chun leigheas breithiúnach éifeachtach a fháil bearta a dhéanann údaráis mhaoirseachta nach bhfuil ceangailteach ó thaobh dlí de, amhail tuairimí a d'eisigh an t-údarás maoirseachta nó comhairle a thug sé. Ba cheart imeachtaí i gcoinne údarás maoirseachta a thabhairt os comhair chúirteanna an Bhallstáit ina bhfuil an t-údarás maoirseachta bunaithe agus ba cheart iad a dhéanamh i gcomhréir le dlí nós imeachta an Bhallstáit sin. Ba cheart do na cúirteanna sin dlínse iomlán a fheidhmiú ar cheart a bheith ar áireamh inti dlínse chun scrúdú a dhéanamh ar na ceisteanna uile fírice agus dlí atá ábhartha maidir leis an díospóid atá os a gcomhair. ...
... (143) Any natural or legal person has the right to bring an action for annulment of decisions of the Board before the Court of Justice under the conditions provided for in Article 263 TFEU. As addressees of such decisions, the supervisory authorities concerned which wish to challenge them have to bring action within two months of being notified of them, in accordance with Article 263 TFEU. Where decisions of the Board are of direct and individual concern to a controller, processor or complainant, the latter may bring an action for annulment against those decisions within two months of their publication on the website of the Board, in accordance with Article 263 TFEU. Without prejudice to this right under Article 263 TFEU, each natural or legal person should have an effective judicial remedy before the competent national court against a decision of a supervisory authority which produces legal effects concerning that person. Such a decision concerns in particular the exercise of investigative, corrective and authorisation powers by the supervisory authority or the dismissal or rejection of complaints. However, the right to an effective judicial remedy does not encompass measures taken by supervisory authorities which are not legally binding, such as opinions issued by or advice provided by the supervisory authority. Proceedings against a supervisory authority should be brought before the courts of the Member State where the supervisory authority is established and should be conducted in accordance with that Member State's procedural law. Those courts should exercise full jurisdiction, which should include jurisdiction to examine all questions of fact and law relevant to the dispute before them. ...
... ...
... Moreover, necessary information should also be provided in the right context, at the appropriate time. Since the controller carries out many processing operations using the data collected on the website, a general privacy policy on the website alone is not sufficient for the controller to meet the requirements of transparency. The controller therefore designs an information flow, presenting the data subject with relevant information within the appropriate contexts using e.g. informational snippets or pop-ups. For example, when asking the data subject to enter personal data, the controller informs the data subject of how the personal data will be processed and why that personal data is necessary for the processing. ...
... ...
... Example Every organisation that maintains a website should publish a privacy statement/ notice on the website. A direct link to this privacy statement/ notice should be clearly visible on each page of this website under a commonly used term (such as “Privacy”, “Privacy Policy” or “Data Protection Notice”). Positioning or colour schemes that make a text or link less noticeable, or hard to find on a webpage, are not considered easily accessible. For apps, the necessary information should also be made available from an online store prior to download. Once the app is installed, the information still needs to be easily accessible from within the app. One way to meet this requirement is to ensure that the information is never more than “two taps away” (e.g. by including a “Privacy”/ “Data Protection” option in the menu functionality of the app). Additionally, the privacy information in question should be specific to the particular app and should not merely be the generic privacy policy of the company that owns the app or makes it available to the public. WP29 recommends as a best practice that at the point of collection of the personal data in an online context a link to the privacy statement/ notice is provided or that this information is made available on the same page on which the personal data is collected. ...
... ...
... Example 24: The website referred to in example 12, based and managed in Turkey, offers services for the creation, edition, printing and shipping of personalised family photo albums. The website is available in English, French, Dutch and German and payments can be made in Euros or Sterling. The website indicates that photo albums can only be delivered by post mail in the France, Benelux countries and Germany. This website being subject to the GDPR, as per its Article 3(2)(a), the data controller must designate a representative in the Union. ...
... ...
... 90. When a processing operation by a controller or processor is certified according to Article 42, the elements that contribute to demonstrating compliance with Article 25(1) and (2) are the design processes, i.e. the process of determining the means of processing, the governance and the technical and organizational measures to implement the data protection principles The data protection certification criteria are determined by the certification bodies or certification scheme owners and then approved by the competent supervisory authority or by the EDPB. For further information about certification mechanisms, we refer the reader to the EDPB Guideline on Certification[42] and other relevant guidance, as published on the EDPB website. ...
... ...
... [46] “Such information could be provided in electronic form, for example, when addressed to the public, through a website. This is of particular relevance in situations where the proliferation of actors and the technological complexity of practice make it difficult for the data subject to know and understand whether, by whom and for what purpose personal data relating to him or her are being collected, such as in the case of online advertising.” ...