(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.
Here is the relevant paragraphs to article 15(2) GDPR:
7.3.2 Determining information for PII principals
Control
The organization should determine and document the information to be provided to PII principals regarding the processing of their PII and the timing of such a provision.
Implementation guidance
The organization should determine the legal, regulatory and/or business requirements for when information is to be provided to the PII principal (e.g. prior to processing, within a certain time from when it is requested, etc.) and for the type of information to be provided.
…
Prisijungti
norėdami pasiekti visą tekstą
3. 控管者應提供所在處理之個人資料副本乙份。資料主體所要求之 任何更多副本,控管者得依行政成本收取合理費用。如資料主體係以 電子方式提出請求,除資料主體有不同要求外,該資訊之提供亦應以 電子方式為之。
(RU)
ISO/IEC 27701, принятый в 2019, добавил дополнительное руководство к ISO/IEC 27002 для контролеров персональных данных (ПИИ).
Приводим соответствующий параграф к статье 15(3) GDPR:
8.3.1 Обязательства по отношению к субъектам ПИИ
Средство управления
Организация должна обеспечить клиента механизмами выполнения своих обязательств, связанных с принципами ПИИ.
Руководство по внедрению
Обязанности контролера ПИИ могут быть определены законодательством, регламентом и / или договором.
…
Prisijungti
norėdami pasiekti visą tekstą
Source: https://www.ndc.gov.tw/Content_List.aspx?n=F98A8C27A0F54C30
(EN)
Concern: Request to access my personal data
Dear Madam, Dear Sir,
I would like to know if you have any data concerning me, processed manually or by automated means, whether stored in digital databases or paper files…
…
Prisijungti
norėdami pasiekti visą tekstą
(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.
Here is the relevant paragraphs to article 15 GDPR:
7.3.2 Determining information for PII principals
Control
The organization should determine and document the information to be provided to PII principals regarding the processing of their PII and the timing of such a provision.
Implementation guidance
The organization should determine the legal, regulatory and/or business requirements for when information is to be provided to the PII principal (e.g. prior to processing, within a certain time from when it is requested, etc.) and for the type of information to be provided.
…
Prisijungti
norėdami pasiekti visą tekstą
(63) 資料主體應有權接近使用其所受蒐集之個人資料,並得容易地、 於合理之時間間隔行使接近使用權,以知悉並核實該處理之合法性。 此包括資料主體有權接近使用其健康資訊,例如包括診斷、檢驗結果、 醫師所為評鑑及任何治療或干擾措施提供之資訊。因此,各資料主體 應有權知悉及獲得溝通,尤其是個人資料受處理之目的、受處理之可 能期間、個人資料之接收者、任何自動處理個人資料所涉及之邏輯、 以及至少於建檔時之資料處理結果。若有可能,控管者應提供得遠端 使用之安全系統以提供資料主體對其個人資料有直接之接近使用權。 該權利不得對他人之權利或自由有不利之影響,包括營業秘密或智慧 財產權,尤其是保護軟體之著作權。但是,就此等面向之顧慮不得導 致拒絕提供所有資訊予資料主體之結果。當控管者處理有關資料主體 之大量資訊時,應得於資訊傳遞前請求資料主體特定與其請求相關之 資訊或處理活動。
(EN)
Information Commissioner’s Office, Right of Access (2020).
EDPB, Guidelines 8/2020 on the targeting of social media users (2020).
EDPB, Guidelines 3/2019 on Processing of Personal Data through Video Devices (2020).
EDPB, Guidelines 02/2021 on Virtual Voice Assistants (2021).
EDPB, Guidelines 01/2022on data subject rights – Right of access (2022).
CJEU, College van burgemeester en wethouders van Rotterdam/Rijkeboer, C-553/07 (2009).
CJEU, Nowak/Data Protection Commissioner, C-434/16 (2017).
(EN)