导航
GDPR > 第 44 條. 移轉之一般原則
下载PDF

第 44 條 GDPR. 移轉之一般原則

Article 44 GDPR. General principle for transfers

任何經處理或於移轉至第三國或國際組織後將欲處理之個人資料之 移轉,僅得於控管者及處理者遵循本章之條件下進行,並符合本規則 其他條文,包括從第三國或國際組織所為之進一步移轉。為確保本規 則保證之當事人保護程度不受減損,本章所有條文應受適用。

Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organisation shall take place only if, subject to the other provisions of this Regulation, the conditions laid down in this Chapter are complied with by the controller and processor, including for onward transfers of personal data from the third country or an international organisation to another third country or to another international organisation. All provisions in this Chapter shall be applied in order to ensure that the level of protection of natural persons guaranteed by this Regulation is not undermined.

專家評論 ISO 27701 献技 指南和案例法 发表评论
專家評論
(EN) Author
(EN) Siarhei Varankevich CIPP/E, CIPM, CIPT, MBA, FIP
FIP_IAPP
(EN) Co-Founder & CEO of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant
ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to article 44 GDPR:

7.5.1 Identify basis for PII transfer between jurisdictions

Control

The organization should identify and document the relevant basis for transfers of PII between jurisdictions.

Implementation guidance

PII transfer can be subject to legislation and/or regulation depending on the jurisdiction or international organization to which data is to be transferred (and from where it originates).


访问全文

献技

(101) 為了國際貿易與國際合作,進出非歐盟國及國際組織之個人資 料流通是有必要的。該等流通之增加已然帶來了新挑戰與有關個人資 料保護之問題。然而,當個人資料從歐盟移轉至第三國境內之控管者、 處理者或其他接收者或國際組織時,在歐盟內依本規則對當事人保護 之程度不得降低,此包括在從第三國或國際組織再移轉個人資料予在 相同或其他第三國之控管者、處理者或再移轉至國際組織之情形。在 任何情況下,向第三國和國際組織之移轉僅得於完全遵循本規則之前 提下執行。唯有當控管者或處理者已遵守本規則所定關於個人資料移 轉至第三國或國際組織之規範,且受本規則所定其他條款之拘束者, 個人資料之移轉始得為之。

(101) Flows of personal data to and from countries outside the Union and international organisations are necessary for the expansion of international trade and international cooperation. The increase in such flows has raised new challenges and concerns with regard to the protection of personal data. However, when personal data are transferred from the Union to controllers, processors or other recipients in third countries or to international organisations, the level of protection of natural persons ensured in the Union by this Regulation should not be undermined, including in cases of onward transfers of personal data from the third country or international organisation to controllers, processors in the same or another third country or international organisation. In any event, transfers to third countries and international organisations may only be carried out in full compliance with this Regulation. A transfer could take place only if, subject to the other provisions of this Regulation, the conditions laid down in the provisions of this Regulation relating to the transfer of personal data to third countries or international organisations are complied with by the controller or processor.

(102) 本規則不妨害歐盟與第三國間所締結用以規範包括對資料主 體適當保障之個人資料移轉的國際協定。只要國際協定不影響本規則 或歐盟法所定任何其他規範且包括對資料主體之基本權之適當程度 的保障,會員國得締結涉及個人資料移轉至第三國或國際組織之國際 協定。

(102) This Regulation is without prejudice to international agreements concluded between the Union and third countries regulating the transfer of personal data including appropriate safeguards for the data subjects. Member States may conclude international agreements which involve the transfer of personal data to third countries or international organisations, as far as such agreements do not affect this Regulation or any other provisions of Union law and include an appropriate level of protection for the fundamental rights of the data subjects.

指南和案例法 发表评论