Airteagal 3 RGCS (GDPR). Raon feidhme críochach
Article 3 GDPR. Territorial scope
Airteagal 46 RGCS (GDPR). Aistrithe faoi réir coimircí iomchuí
Article 46 GDPR. Transfers subject to appropriate safeguards
1. I gcás nach mbeidh cinneadh déanta de bhun Airteagal 45(3), ní fhéadfaidh rialaitheoir ná próiseálaí sonraí pearsanta a aistriú go tríú tír ná go heagraíocht idirnáisiúnta ach amháin má tá coimircí iomchuí soláthraithe ag an rialaitheoir nó ag an bpróiseálaí, agus ar an gcoinníoll go bhfuil cearta in-fhorfheidhmithe agus réitigh éifeachtacha dlí ar fáil d’ábhair sonraí.
1. In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
2. Féadfar foráil a dhéanamh do na coimircí iomchuí dá dtagraítear i mír 1, gan aon údarú sonrach a bheith ag teastáil ó údarás maoirseachta, trí:
2. The appropriate safeguards referred to in paragraph 1 may be provided for, without requiring any specific authorisation from a supervisory authority, by:
[…]
[…]
(f) sásra deimhniúcháin formheasta de bhun Airteagal 42 i dteannta le gealltanais cheangailteacha in-fhorfheidhmithe ón rialaitheoir nó ón bpróiseálaí sa tríú tír na coimircí iomchuí a chur i bhfeidhm, lena n-áirítear maidir le cearta na n-ábhar sonraí do na sonraí.
(f) an approved certification mechanism pursuant to Article 42 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects’ rights.
[…]
[…]
(EN) ISO/IEC 27701, adopted in 2019, added a requirement additional to ISO/IEC 27001, section 4.1.
Here is the relevant paragraph to article 42 GDPR:
5.2.1 Understanding the organization and its context
The organization shall include among its interested parties (see ISO/IEC 27001:2013, 4.2), those parties having interests or responsibilities associated with the processing of PII, including the PII principals.
…
Logga in
för att komma åt hela textenу