Nascleanúint
RGCS (GDPR) > Airteagal 44. Prionsabal ginearálta maidir le haistrithe
Íoslódáil PDF

Airteagal 44 RGCS (GDPR). Prionsabal ginearálta maidir le haistrithe

Article 44 GDPR. General principle for transfers

Aon sonraí pearsanta atá á bpróiseáil nó atá beartaithe lena bpróiseáil tar éis iad a aistriú go tríú tír nó go heagraíocht idirnáisiúnta, ní dhéanfar iad a aistriú ach amháin má chomhlíonann an rialaitheoir agus an próiseálaí, faoi réir na bhforálacha eile atá sa Rialachán seo, na coinníollacha atá leagtha síos sa Chaibidil seo, lena n-áirítear na coinníollacha a bhaineann le sonraí pearsanta a aistriú ar aghaidh ón tríú tír nó ón eagraíocht idirnáisiúnta chuig tríú tír nó eagraíocht idirnáisiúnta eile. Cuirfear na forálacha ar fad sa Chaibidil seo i bhfeidhm chun a áirithiú nach mbaintear an bonn den leibhéal cosanta do dhaoine nádúrtha a ráthaítear leis an Rialachán seo.

Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organisation shall take place only if, subject to the other provisions of this Regulation, the conditions laid down in this Chapter are complied with by the controller and processor, including for onward transfers of personal data from the third country or an international organisation to another third country or to another international organisation. All provisions in this Chapter shall be applied in order to ensure that the level of protection of natural persons guaranteed by this Regulation is not undermined.

Tráchtaireacht ISO 27701 Recitals Dlí Treoirlínte & Cásanna Leave a comment
Tráchtaireacht
(EN) Author
Nastassia Parkhimovich
(EN) Nastassia Parkhimovich (EN) LLM, CIPP/E, GDPR DPP
(EN) GDPR Consultant
Siarhei Varankevich
(EN) Siarhei Varankevich CIPP/E, CIPM, CIPT, MBA, FIP
FIP_IAPP
(EN) Co-Founder & CEO of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant
ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to article 44 GDPR:

7.5.1 Identify basis for PII transfer between jurisdictions

Control

The organization should identify and document the relevant basis for transfers of PII between jurisdictions.

Implementation guidance

PII transfer can be subject to legislation and/or regulation depending on the jurisdiction or international organization to which data is to be transferred (and from where it originates).

(EN) […]


to read the full text

Recitals

(101) Tá gá le sreabha sonraí pearsanta chuig tíortha atá taobh amuigh den Aontas agus chuig eagraíochtaí idirnáisiúnta agus ó na tíortha agus ó na heagraíochtaí sin chun trádáil idirnáisiúnta agus comhar idirnáisiúnta a leathnú amach. Tá dúshláin nua tagtha chun cinn mar gheall ar mhéadú i sreabha den sórt sin agus is cúis imní sin maidir le cosaint sonraí pearsanta. Nuair a aistrítear sonraí pearsanta ón Aontas chuig rialaitheoirí, próiseálaithe nó faighteoirí eile i dtríú tíortha nó chuig eagraíochtaí idirnáisiúnta, áfach, níor cheart an bonn a bhaint de leibhéal cosanta na ndaoine nádúrtha a ráthaítear san Aontas leis an Rialachán seo, lena n-áirítear i gcásanna ina ndéantar sonraí pearsanta a aistriú ón tríú tír nó ón eagraíocht idirnáisiúnta chuig rialaitheoirí, próiseálaithe sa tríú tír chéanna nó i dtríú tír eile nó san eagraíocht idirnáisiúnta chéanna nó chuig eagraíocht idirnáisiúnta. Ar aon nós, ní fhéadfar aistrithe chuig tríú tíortha agus chuig eagraíochtaí idirnáisiúnta a dhéanamh ach má chomhlíontar an Rialachán seo ina iomláine. Níorbh fhéidir aistriú a dhéanamh ach más rud é, faoi réir fhorálacha eile an Rialacháin seo, go ndéanann an rialaitheoir nó an próiseálaí na coinníollacha a leagtar síos sa Rialachán seo a bhaineann le haistriú sonraí pearsanta chuig tríú tíortha nó chuig eagraíochtaí idirnáisiúnta a chomhlíonadh.

(101) Flows of personal data to and from countries outside the Union and international organisations are necessary for the expansion of international trade and international cooperation. The increase in such flows has raised new challenges and concerns with regard to the protection of personal data. However, when personal data are transferred from the Union to controllers, processors or other recipients in third countries or to international organisations, the level of protection of natural persons ensured in the Union by this Regulation should not be undermined, including in cases of onward transfers of personal data from the third country or international organisation to controllers, processors in the same or another third country or international organisation. In any event, transfers to third countries and international organisations may only be carried out in full compliance with this Regulation. A transfer could take place only if, subject to the other provisions of this Regulation, the conditions laid down in the provisions of this Regulation relating to the transfer of personal data to third countries or international organisations are complied with by the controller or processor.

(102) Tá an Rialachán seo gan dochar do chomhaontuithe idirnáisiúnta arna dtabhairt i gcrích idir an tAontas agus tríú tíortha a rialaíonn aistriú sonraí pearsanta, lena n-áirítear coimircí iomchuí do na hábhair sonraí. Féadfaidh na Ballstáit comhaontuithe idirnáisiúnta a thabhairt i gcrích a bhfuil aistriú sonraí pearsanta chuig tríú tíortha nó chuig eagraíochtaí idirnáisiúnta mar chuid díobh, fad nach ndéanann comhaontuithe den sórt sin difear don Rialachán seo ná d'aon fhorálacha eile de chuid dhlí an Aontais agus go n-áirítear leo leibhéal leordhóthanach cosanta do chearta bunúsacha na n-ábhar sonraí do na sonraí.

(102) This Regulation is without prejudice to international agreements concluded between the Union and third countries regulating the transfer of personal data including appropriate safeguards for the data subjects. Member States may conclude international agreements which involve the transfer of personal data to third countries or international organisations, as far as such agreements do not affect this Regulation or any other provisions of Union law and include an appropriate level of protection for the fundamental rights of the data subjects.

Dlí Treoirlínte & Cásanna Leave a comment
[js-disqus]