Article 27 GDPR. Representatives of controllers or processors not established in the Union

1. Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union.

2. The obligation laid down in paragraph 1 of this Article shall not apply to:

(a) processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or

(b) a public authority or body.

3. The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behaviour is monitored, are.

4. The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with this Regulation.

5. The designation of a representative by the controller or processor shall be without prejudice to legal actions which could be initiated against the controller or the processor themselves.

ISO 27701

ISO/IEC 27701, adopted in 2019, added a requirement additional to ISO/IEC 27002, section 6.1.1.

Here is the paragraph relevant to Article 27 GDPR:

6.3.1.1 Information security roles and responsibilities

Implementation guidance

The organization should designate a point of contact for use by the customer regarding the processing of PII. When the organization is a PII controller, designate a point of contact for PII principals regarding the processing of their PII (see 7.3.2).

The organization should appoint one or more persons responsible for developing, implementing, maintaining and monitoring an organization-wide governance and privacy program, to ensure compliance with all applicable laws and regulations regarding the processing of PII.

[…]


Recitals

(80) Where a controller or a processor not established in the Union is processing personal data of data subjects who are in the Union whose processing activities are related to the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union, or to the monitoring of their behaviour as far as their behaviour takes place within the Union, the controller or the processor should designate a representative, unless the processing is occasional, does not include processing, on a large scale, of special categories of personal data or the processing of personal data relating to criminal convictions and offences, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing or if the controller is a public authority or body. The representative should act on behalf of the controller or the processor and may be addressed by any supervisory authority. The representative should be explicitly designated by a written mandate of the controller or of the processor to act on its behalf with regard to its obligations under this Regulation. The designation of such a representative does not affect the responsibility or liability of the controller or of the processor under this Regulation. Such a representative should perform its tasks according to the mandate received from the controller or processor, including cooperating with the competent supervisory authorities with regard to any action taken to ensure compliance with this Regulation. The designated representative should be subject to enforcement proceedings in the event of non-compliance by the controller or processor.
