(j) 共同經濟活動中之事業團體或企業團體確保有拘束力之企業守則 遵循之驗證機制。該等機制應包括資料保護審計及確保糾正措施以保 護資料主體權利之方法。該等驗證之結果應向第 h 點所稱之個人或實 體及共同經濟活動中之事業團體或企業團體之控管階層溝通,並應於 主管監管機關請求時提供;
Source: https://www.ndc.gov.tw/Content_List.aspx?n=F98A8C27A0F54C30
(EN)
Article 29 Working Party, Explanatory Document on the Processor Binding Corporate Rules (2015).
Article 29 Working Party, Working Document Setting Forth a Co-Operation Procedure for the Approval of “Binding Corporate Rules” for Controllers and Processors Under the GDPR (2018).
Article 29 Working Party, Recommendation on the Standard Application for Approval of Controller Binding Corporate Rules for the Transfer of Personal Data (2018).
Article 29 Working Party, Recommendation on the Standard Application form for Approval of Processor Binding Corporate Rules for the Transfer of Personal Data (2018).
Article 29 Working Party, Working Document Setting Up a Table with the Elements and Principles to Be Found in Binding Corporate Rules, no. WP 256 rev. 01 (2018).
Article 29 Working Party, Working Document Setting Up a Table with the Elements and Principles to Be Found in Binding Corporate Rules, no. WP 257 rev. 01 (2018).
CJEU, Data Protection Commissioner/Facebook Ireland Ltd and Schrems, C-311/18 (2020).
(EN) ISO/IEC 27002 guidance for PII controllers.
Here is the relevant paragraph to article 47 GDPR:
7.5.1 Identify basis for PII transfer between jurisdictions
Control
The organization should identify and document the relevant basis for transfers of PII between jurisdictions.
Implementation guidance
PII transfer can be subject to legislation and/or regulation depending on the jurisdiction or international organization to which data is to be transferred (and from where it originates).
…
Pieslēgties
lai piekļūtu pilnam tekstam