第 3 條 GDPR. 領土適用範圍
Article 3 GDPR. Territorial scope
[…]
[…]
2. 本規則適用於由非設立於歐盟境內之控管者或處理者對於歐盟境 內之資料主體所為涉及如下事項之個人資料處理:
2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
(a) 對歐盟境內之資料主體提供商品或服務,不問是否需要資料主體 付款;
(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
(b) 對於資料主體於歐盟內所為行為之監控。
(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.
[…]
[…]
(EN) ISO/IEC 27701, adopted in 2019, added a requirement additional to ISO/IEC 27002, section 6.1.1.
Here is the relevant paragraph to article 27 GDPR:
6.3.1.1 Information security roles and responsibilities
Implementation guidance
The organization should designate a point of contact for use by the customer regarding the processing of PII. When the organization is a PII controller, designate a point of contact for PII principals regarding the processing of their PII (see 7.3.2).
The organization should appoint one or more persons responsible for developing, implementing, maintaining and monitoring an organization-wide governance and privacy program, to ensure compliance with all applicable laws and regulations regarding the processing of PII.
…
로그인
전체 텍스트에 액세스하려면