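1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates legal grounds for the processing which override the rights and freedoms of the data subject, or the processing is for the establishment, exercise or defence of legal claims.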
ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.
Here are the relevant paragraphs to Article 21(4) GDPR:
7.3.2 Determining information for PII principals
Control
The organization should determine and document the information to be provided to PII principals regarding the processing of their PII and the timing of such a provision.
Implementation guidance
The organization should determine the legal, regulatory and/or business requirements for when information is to be provided to the PII principal (e.g. prior to processing, within a certain time from when it is requested, etc.) and for the type of information to be provided.
[…]
Source: https://www.ndc.gov.tw/Content_List.aspx?n=F98A8C27A0F54C30
Concern: Request to stop processing my personal data
Dear Madam, Dear Sir,
You have data concerning me that I am asking you to stop processing…
[…]
ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.
Here is the relevant paragraph to Article 21 GDPR:
7.3.5 Providing mechanism to object to PII processing
Control
The organization should provide a mechanism for PII principals to object to the processing of their PII.
Implementation guidance
Some jurisdictions provide PII principals with a right to object to the processing of their PII.
[…]