第 45 條 GDPR. 基於充足程度保護決定之移轉
[…]
3. 執委會於評估保護之充足程度後,得透過施行法決定第三國、第 三國內之領域或單一或多數之特定部門、或國際組織依本條第 2 項之 方式確保充足程度保護。施行法應提供定期檢驗機制,至少四年一次, 並應考量第三國或國際組織之所有相關發展。施行法應特定其適用之 領域及部門,且於得適用時,確認監管機關或本條第 2 項第 b 點所稱之機關。施行法應採行第 93 條第 2 項之檢驗程序。
[…]
第 46 條 GDPR. 須遵守適當保護措施之移轉
(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.
Here is the relevant paragraph to article 49 GDPR:
7.5.1 Identify basis for PII transfer between jurisdictions
Control
The organization should identify and document the relevant basis for transfers of PII between jurisdictions.
Implementation guidance
PII transfer can be subject to legislation and/or regulation depending on the jurisdiction or international organization to which data is to be transferred (and from where it originates).
(EN) […]
(EN) Sign in
to read the full text