查看更多
导航
第一章 總則 (1-4)
第 1 條. 主旨與立法目的第 2 條. 實體適用範圍第 3 條. 領土適用範圍第 4 條. 定義
第二章 原則 (5-11)
第 5 條. 個人資料處理原則第 6 條. 處理之合法性第七條. 同意條件第 8 條. 涉及資訊社會服務適用兒童同意之條件第 9 條. 特殊類型之個人資料處理第 10 條. 涉及前科及犯罪之個人資料處理第 11 條. 不須識別之處理
第三章 資料主體之權利 (12-23)
第 12 條. 資料主體為行使其權利之透明資訊、溝通及管道第 13 條. 蒐集資料主體之個人資料時所提供之資訊第 14 條. 尚未自資料主體取得個人資料時所應提供之資訊第 15 條. 資料主體之接近使用權第 16 條. 更正權第 17 條. 刪除權(「被遺忘權」)第 18 條. 限制處理權第 19 條. 關於更正或刪除個人資料或限制處理之通知義務第 20 條. 資料可攜性權利第 21 條. 拒絕權第 22 條. 個人化之自動決策,包括建檔第 23 條. 限制
第四章 控管者及處理者 (24-43)
第 24 條. 主旨與立法目的第 25 條. 設計及預設之資料保護第 26 條. 共同控管者第 27 條. 非設立於歐盟境內控管者或處理者之代表第 28 條. 處理者第 29 條. 控管者或處理者之處理權限第 30 條. 處理活動之紀錄第 31 條. 與監管機關之合作第 32 條. 處理之安全第 33 條. 向監管機關進行個人資料侵害之通報第 34 條. 向資料主體為個人資料侵害之溝通第 35 條. 資料保護影響評估第 36 條. 事前諮詢第 37 條. 資料保護員之指定第 38 條. 資料保護員之職位第 39 條. 資料保護員之職務第 40 條. 行為守則第 41 條. 經核准之行為守則之監管第 42 條. 認證第 43 條. 認證機構
第五章 個人資料移轉至第三國或國際組織 (44-50)
第 44 條. 移轉之一般原則
第 45 條. 基於充足程度保護決定之移轉
第 46 條. 須遵守適當保護措施之移轉第 47 條. 有拘束力之企業守則第 48 條. 未獲歐盟法授權之移轉或揭露第 49 條. 特定情形下之例外第 50 條. 個人資料保護之國際合作
第六章 獨立監管機關 (51-59)
第 51 條. 監管機關第 52 條. 獨立第 53 條. 監管機關成員之一般條款第 54 條. 監管機關設立之規則第 55 條. 權限第 56 條. 領導監管機關之權限第 57 條. 職務第 58 條. 權力第 59 條. 活動報告
第七章 合作及一致性 (60-70)
第 60 條. 領導監管機關與其他相關監管機關間之合作第 61 條. 互助第 62 條. 監管機關之聯合作業第 63 條. 一致性機制第 64 條. 委員會之意見第 65 條. 委員會之爭議解決第 66 條. 緊急程序第 67 條. 資訊交換第 68 條. 歐洲資料保護委員會第 69 條. 獨立性第 70 條. 委員會之任務第 71 條. 報告第 72 條. 程序第 73 條. 主席第 74 條. 主席之任務第 75 條. 秘書處第 76 條. 保密性
第 8 章 救濟、義務及處罰 (77-84)
第 77 條. 向監管機關提出申訴之權利第 78 條. 對監管機關提起有效司法救濟之權利第 79 條. 對於控管者或處理者提出有效司法救濟之權利第 80 條. 資料主體之代表第 81 條. 停止訴訟程序第 82 條. 賠償請求權及義務第 83 條. 裁處行政罰鍰之一般要件第 84 條. 罰則
第九章 特殊處理情況之規範 (85-91)
第 85 條. 處理與言論及資訊自由第 86 條. 官方文件之處理與公眾接近使用第 87 條. 國民身分證字號之處理第 88 條. 僱傭關係下之處理第 89 條. 為實現公共利益、科學或歷史研究目的或統計目的所為 處理之保護措施及例外規定第 90 條. 保密義務第 91 條. 教會及宗教組織現存之資料保護規定
第十章 授權法及施行法 (92-93)
第 92 條. 授權之行使第 93 條. 執委會之程序
第十一章 最終條款 (94-95)
第 94 條. 歐盟指令第 95/46/EU 號之廢止第 95 條. 與歐盟指令第 2002/58/EC 號之關係第 96 條. 與已締結之協議之關係第 97 條. 執委會報告第 98 條. 對其他資料保護歐盟法案之審查第 99 條. 生效及適用
GDPR > 第 45 條. 基於充足程度保護決定之移轉
下载PDF

第 45 條 GDPR. 基於充足程度保護決定之移轉

Article 45 GDPR. Transfers on the basis of an adequacy decision

1. 個人資料移轉至第三國或國際組織,僅於執委會決定該第三國、 第三國內之領域或特定部門、或國際組織確有充足程度之保護時,方 得為之。該移轉不須獲得任何特別授權。

1. A transfer of personal data to a third country or an international organisation may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection. Such a transfer shall not require any specific authorisation.

献技
献技

(103)執委會得做成影響全歐盟之決定,認定第三國、第三國內之領 域或特定部門,或國際組織已提供充足程度之資料保護,並因此就第 三國或國際組織被認為已提供該保護程度乙事在整個歐盟提供了法 明確性和一致性。於該等情形,個人資料移轉至第三國或國際組織可 能在不需要獲得進一步授權之情形下發生。於給予第三國或國際組織 通知及說明理由之完全陳述時,執委會亦可決定撤銷原決定。

(103) The Commission may decide with effect for the entire Union that a third country, a territory or specified sector within a third country, or an international organisation, offers an adequate level of data protection, thus providing legal certainty and uniformity throughout the Union as regards the third country or international organisation which is considered to provide such level of protection. In such cases, transfers of personal data to that third country or international organisation may take place without the need to obtain any further authorisation. The Commission may also decide, having given notice and a full statement setting out the reasons to the third country or international organisation, to revoke such a decision.

2. 於評估保護程度之充足性時,執委會尤其應考量下列因素:

2. When assessing the adequacy of the level of protection, the Commission shall, in particular, take account of the following elements:

献技
献技

(104) 依循歐盟所創立之基本價值,尤其是人權之保護,執委會在其 衡量第三國或第三國內之領域或特定部門時,應考量特定第三國如何 遵守法治、接近使用司法、以及國際人權規範和標準及其普通法與部 門法,包括涉及公共安全、防禦與國家安全與公共秩序及刑法之立法。 對第三國內之領域或特定部門作成有提供充足保護之決定應考量明 確與具體之標準,例如特定處理活動及第三國可適用之法律標準與立法之範圍。第三國應提供保證,以確保基本上等同於歐盟所保障之充 足程度保護,特別是當個人資料處理在單一或數個特定部門時。尤其, 第三國應確保有效而獨立之資料保護監督機制,且應提供合作機制予 會員國資料保護機關,且應提供資料保護主體有效且可實現的權利與 有效的行政與司法救濟。

(104) In line with the fundamental values on which the Union is founded, in particular the protection of human rights, the Commission should, in its assessment of the third country, or of a territory or specified sector within a third country, take into account how a particular third country respects the rule of law, access to justice as well as international human rights norms and standards and its general and sectoral law, including legislation concerning public security, defence and national security as well as public order and criminal law. The adoption of an adequacy decision with regard to a territory or a specified sector in a third country should take into account clear and objective criteria, such as specific processing activities and the scope of applicable legal standards and legislation in force in the third country. The third country should offer guarantees ensuring an adequate level of protection essentially equivalent to that ensured within the Union, in particular where personal data are processed in one or several specific sectors. In particular, the third country should ensure effective independent data protection supervision and should provide for cooperation mechanisms with the Member States' data protection authorities, and the data subjects should be provided with effective and enforceable rights and effective administrative and judicial redress.

(105) 除了第三國或國際組織已加入之國際協約,執委會應考量第三 國或國際組織於多邊或區域體系之義務,尤其是涉及個人資料保護及 該等義務之履行。尤其,應考量第三國加入歐洲理事會 1981 年 1 月 28 日關於自動化個人資料處理之個人保護公約及其附加議定書。於 衡量第三國或國際組織之保護程度時,執委會應向委員會諮詢。

(105) Apart from the international commitments the third country or international organisation has entered into, the Commission should take account of obligations arising from the third country's or international organisation's participation in multilateral or regional systems in particular in relation to the protection of personal data, as well as the implementation of such obligations. In particular, the third country's accession to the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to the Automatic Processing of Personal Data and its Additional Protocol should be taken into account. The Commission should consult the Board when assessing the level of protection in third countries or international organisations.

(a) 法治、對人權與基本自由之尊重、一般與部門之相關立法,包括 有關公共安全、防衛、國家安全及刑法、公務機關對個人資料之接近 使用權、及該等立法、資料保護規則、專業規則及安全措施之執行, 包括個人資料向其他第三國或國際組織進一步移轉,該其他第三國或 國際組織之規則、判例法、及有效且可執行之資料主體權利及個人資 料受移轉之資料主體有效之行政與司法救濟;

(a) the rule of law, respect for human rights and fundamental freedoms, relevant legislation, both general and sectoral, including concerning public security, defence, national security and criminal law and the access of public authorities to personal data, as well as the implementation of such legislation, data protection rules, professional rules and security measures, including rules for the onward transfer of personal data to another third country or international organisation which are complied with in that country or international organisation, case-law, as well as effective and enforceable data subject rights and effective administrative and judicial redress for the data subjects whose personal data are being transferred;

(b) 第三國內有一個或以上獨立監管機關之存在及有效運作,或對象 為國際組織時,確保及執行資料保護規則之遵守,包括充足之執行權, 以協助及建議資料主體行使其權利,並與會員國之監管機關合作;及

(b) the existence and effective functioning of one or more independent supervisory authorities in the third country or to which an international organisation is subject, with responsibility for ensuring and enforcing compliance with the data protection rules, including adequate enforcement powers, for assisting and advising the data subjects in exercising their rights and for cooperation with the supervisory authorities of the Member States; and

(c) 第三國或國際組織所加入之國際協定,或其他因具法律拘束力之 合約或辦法、及從其參與多邊或區域體系而生之義務,尤其關於個人 資料保護者。

(c) the international commitments the third country or international organisation concerned has entered into, or other obligations arising from legally binding conventions or instruments as well as from its participation in multilateral or regional systems, in particular in relation to the protection of personal data.

3. 執委會於評估保護之充足程度後,得透過施行法決定第三國、第 三國內之領域或單一或多數之特定部門、或國際組織依本條第 2 項之 方式確保充足程度保護。施行法應提供定期檢驗機制,至少四年一次, 並應考量第三國或國際組織之所有相關發展。施行法應特定其適用之 領域及部門,且於得適用時,確認監管機關或本條第 2 項第 b 點所稱之機關。施行法應採行第 93 條第 2 項之檢驗程序。

3. The Commission, after assessing the adequacy of the level of protection, may decide, by means of implementing act, that a third country, a territory or one or more specified sectors within a third country, or an international organisation ensures an adequate level of protection within the meaning of paragraph 2 of this Article. The implementing act shall provide for a mechanism for a periodic review, at least every four years, which shall take into account all relevant developments in the third country or international organisation. The implementing act shall specify its territorial and sectoral application and, where applicable, identify the supervisory authority or authorities referred to in point (b) of paragraph 2 of this Article. The implementing act shall be adopted in accordance with the examination procedure referred to in Article 93(2).

相关文章
相关文章

4. 執委會應持續監控如下之第三國與國際組織,亦即:可能影響依 本條第 3 項採行之決定、及依歐盟指令第 95/46/EC 號第 25 條第 6 項 採行之決定運作之發展。

4. The Commission shall, on an ongoing basis, monitor developments in third countries and international organisations that could affect the functioning of decisions adopted pursuant to paragraph 3 of this Article and decisions adopted on the basis of Article 25(6) of Directive 95/46/EC.

献技
献技

(106) 執委會應觀察審視第三國、第三國境內之領域或特定部門、或 國際組織保護程度之決定的運作,並觀察審視在歐盟指令第 95/46/EC 號第 25 條第 6 項及第 26 條第 4 項之基礎下採行之決定。就有提供充 足保護之決定,執委會應提供定期檢驗其運作之機制。該定期檢驗應 在諮詢有關之第三國或國際組織下進行,且考量所有相關第三國或國 際組織之發展。為了觀察審視與執行定期檢驗,執委會應考慮歐洲議 會及歐盟理事會以及相關機構與來源之意見與認定。執委會應在合理 時間內評估前次決定之運作情形,並如本規則所確立的,依歐洲議會 及歐盟理事會之歐盟規則第 182/2011 號 [12],向委員會報告任何相關 認定。

(106) The Commission should monitor the functioning of decisions on the level of protection in a third country, a territory or specified sector within a third country, or an international organisation, and monitor the functioning of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC. In its adequacy decisions, the Commission should provide for a periodic review mechanism of their functioning. That periodic review should be conducted in consultation with the third country or international organisation in question and take into account all relevant developments in the third country or international organisation. For the purposes of monitoring and of carrying out the periodic reviews, the Commission should take into consideration the views and findings of the European Parliament and of the Council as well as of other relevant bodies and sources. The Commission should evaluate, within a reasonable time, the functioning of the latter decisions and report any relevant findings to the Committee within the meaning of Regulation (EU) No 182/2011 of the European Parliament and of the Council [12] as established under this Regulation, to the European Parliament and to the Council.

[12] Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission's exercise of implementing powers (OJ L 55, 28.2.2011, p. 13). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2011:055:TOC

[12] Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission's exercise of implementing powers (OJ L 55, 28.2.2011, p. 13). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2011:055:TOC

5. 於現有資訊顯示,尤其依本條第 3 項之檢驗,第三國、第三國內 之領域或單一或多數之特定部門、或國際組織不再確保本條第 2 項意 義下之充足程度保護時,執委會應於必要程度內透過執行不具溯及既 往效力之行為,廢除、修正或凍結本條第 3 項。

5. The Commission shall, where available information reveals, in particular following the review referred to in paragraph 3 of this Article, that a third country, a territory or one or more specified sectors within a third country, or an international organisation no longer ensures an adequate level of protection within the meaning of paragraph 2 of this Article, to the extent necessary, repeal, amend or suspend the decision referred to in paragraph 3 of this Article by means of implementing acts without retro-active effect. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2).

相关文章
相关文章

該等施行法應依第 93 條第 2 項之檢驗程序行之。於具正當理由之緊急情形,執委會應 依第 93 條第 3 項之程序立即採用可適用之施行法。

On duly justified imperative grounds of urgency, the Commission shall adopt immediately applicable implementing acts in accordance with the procedure referred to in Article 93(3).

相关文章
相关文章

6. 執委會應參與與第三國或國際組織之協商,以救濟依第 5 項作成決定之情形。

6. The Commission shall enter into consultations with the third country or international organisation with a view to remedying the situation giving rise to the decision made pursuant to paragraph 5.

献技
献技

(107) 執委會可能認定第三國、第三國內之領域或特定部門、或國際 組織不再達到充足程度之資料保護。因此,向該第三國或國際組織之 個人資料移轉應被禁止,但完成本規則關於移轉所定適當保護措施之 要件被滿足,包括有拘束力之企業守則及存在特定情況之例外者,不 在此限。在該情況,該規範應由執委會及該第三國或國際組織間訂定。 執委會應於適當時間內通知第三國或國際組織其理由,並進入協商程 序以救濟該情形。

(107) The Commission may recognise that a third country, a territory or a specified sector within a third country, or an international organisation no longer ensures an adequate level of data protection. Consequently the transfer of personal data to that third country or international organisation should be prohibited, unless the requirements in this Regulation relating to transfers subject to appropriate safeguards, including binding corporate rules, and derogations for specific situations are fulfilled. In that case, provision should be made for consultations between the Commission and such third countries or international organisations. The Commission should, in a timely manner, inform the third country or international organisation of the reasons and enter into consultations with it in order to remedy the situation.

7. 本條第 5 項之決定不損及第 46 條至第 49 條所指向第三國、第三 國內之領域及特定部門、及國際組織之個人資料移轉。

7. A decision pursuant to paragraph 5 of this Article is without prejudice to transfers of personal data to the third country, a territory or one or more specified sectors within that third country, or the international organisation in question pursuant to Articles 46 to 49.

相关文章
相关文章

8. 執委會應於歐洲聯盟官方公報及網站上,公布已決定或不再確保 具充足程度保護之第三國、第三國內之領域及特定部門、及國際組織 之名單。

8. The Commission shall publish in the Official Journal of the European Union and on its website a list of the third countries, territories and specified sectors within a third country and international organisations for which it has decided that an adequate level of protection is or is no longer ensured.

9. 執委會基於歐盟指令第 95/46/EC 號第 25 條第 6 項採行之決定,於 執委會依本條第3項或第 5項決定修改、取代或廢除前,應持續有效。

9. Decisions adopted by the Commission on the basis of Article 25(6) of Directive 95/46/EC shall remain in force until amended, replaced or repealed by a Commission Decision adopted in accordance with paragraph 3 or 5 of this Article.

通用数据保护条例(EU GDPR)

Source: https://www.ndc.gov.tw/Content_List.aspx?n=F98A8C27A0F54C30

General Data Protection Regulation (EU GDPR)

The latest consolidated version of the Regulation with corrections by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679). Source: EUR-lex.

ISO 27701 献技 指南和案例法 发表评论
ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to article 45 GDPR:

7.5.1 Identify basis for PII transfer between jurisdictions

Control

The organization should identify and document the relevant basis for transfers of PII between jurisdictions.

Implementation guidance

PII transfer can be subject to legislation and/or regulation depending on the jurisdiction or international organization to which data is to be transferred (and from where it originates).


访问全文

献技

(103)執委會得做成影響全歐盟之決定,認定第三國、第三國內之領 域或特定部門,或國際組織已提供充足程度之資料保護,並因此就第 三國或國際組織被認為已提供該保護程度乙事在整個歐盟提供了法 明確性和一致性。於該等情形,個人資料移轉至第三國或國際組織可 能在不需要獲得進一步授權之情形下發生。於給予第三國或國際組織 通知及說明理由之完全陳述時,執委會亦可決定撤銷原決定。

(103) The Commission may decide with effect for the entire Union that a third country, a territory or specified sector within a third country, or an international organisation, offers an adequate level of data protection, thus providing legal certainty and uniformity throughout the Union as regards the third country or international organisation which is considered to provide such level of protection. In such cases, transfers of personal data to that third country or international organisation may take place without the need to obtain any further authorisation. The Commission may also decide, having given notice and a full statement setting out the reasons to the third country or international organisation, to revoke such a decision.

(104) 依循歐盟所創立之基本價值,尤其是人權之保護,執委會在其 衡量第三國或第三國內之領域或特定部門時,應考量特定第三國如何 遵守法治、接近使用司法、以及國際人權規範和標準及其普通法與部 門法,包括涉及公共安全、防禦與國家安全與公共秩序及刑法之立法。 對第三國內之領域或特定部門作成有提供充足保護之決定應考量明 確與具體之標準,例如特定處理活動及第三國可適用之法律標準與立法之範圍。第三國應提供保證,以確保基本上等同於歐盟所保障之充 足程度保護,特別是當個人資料處理在單一或數個特定部門時。尤其, 第三國應確保有效而獨立之資料保護監督機制,且應提供合作機制予 會員國資料保護機關,且應提供資料保護主體有效且可實現的權利與 有效的行政與司法救濟。

(104) In line with the fundamental values on which the Union is founded, in particular the protection of human rights, the Commission should, in its assessment of the third country, or of a territory or specified sector within a third country, take into account how a particular third country respects the rule of law, access to justice as well as international human rights norms and standards and its general and sectoral law, including legislation concerning public security, defence and national security as well as public order and criminal law. The adoption of an adequacy decision with regard to a territory or a specified sector in a third country should take into account clear and objective criteria, such as specific processing activities and the scope of applicable legal standards and legislation in force in the third country. The third country should offer guarantees ensuring an adequate level of protection essentially equivalent to that ensured within the Union, in particular where personal data are processed in one or several specific sectors. In particular, the third country should ensure effective independent data protection supervision and should provide for cooperation mechanisms with the Member States' data protection authorities, and the data subjects should be provided with effective and enforceable rights and effective administrative and judicial redress.

(105) 除了第三國或國際組織已加入之國際協約,執委會應考量第三 國或國際組織於多邊或區域體系之義務,尤其是涉及個人資料保護及 該等義務之履行。尤其,應考量第三國加入歐洲理事會 1981 年 1 月 28 日關於自動化個人資料處理之個人保護公約及其附加議定書。於 衡量第三國或國際組織之保護程度時,執委會應向委員會諮詢。

(105) Apart from the international commitments the third country or international organisation has entered into, the Commission should take account of obligations arising from the third country's or international organisation's participation in multilateral or regional systems in particular in relation to the protection of personal data, as well as the implementation of such obligations. In particular, the third country's accession to the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to the Automatic Processing of Personal Data and its Additional Protocol should be taken into account. The Commission should consult the Board when assessing the level of protection in third countries or international organisations.

(106) 執委會應觀察審視第三國、第三國境內之領域或特定部門、或 國際組織保護程度之決定的運作,並觀察審視在歐盟指令第 95/46/EC 號第 25 條第 6 項及第 26 條第 4 項之基礎下採行之決定。就有提供充 足保護之決定,執委會應提供定期檢驗其運作之機制。該定期檢驗應 在諮詢有關之第三國或國際組織下進行,且考量所有相關第三國或國 際組織之發展。為了觀察審視與執行定期檢驗,執委會應考慮歐洲議 會及歐盟理事會以及相關機構與來源之意見與認定。執委會應在合理 時間內評估前次決定之運作情形,並如本規則所確立的,依歐洲議會 及歐盟理事會之歐盟規則第 182/2011 號 [12],向委員會報告任何相關 認定。

(106) The Commission should monitor the functioning of decisions on the level of protection in a third country, a territory or specified sector within a third country, or an international organisation, and monitor the functioning of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC. In its adequacy decisions, the Commission should provide for a periodic review mechanism of their functioning. That periodic review should be conducted in consultation with the third country or international organisation in question and take into account all relevant developments in the third country or international organisation. For the purposes of monitoring and of carrying out the periodic reviews, the Commission should take into consideration the views and findings of the European Parliament and of the Council as well as of other relevant bodies and sources. The Commission should evaluate, within a reasonable time, the functioning of the latter decisions and report any relevant findings to the Committee within the meaning of Regulation (EU) No 182/2011 of the European Parliament and of the Council [12] as established under this Regulation, to the European Parliament and to the Council.

[12] Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission's exercise of implementing powers (OJ L 55, 28.2.2011, p. 13). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2011:055:TOC

[12] Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission's exercise of implementing powers (OJ L 55, 28.2.2011, p. 13). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2011:055:TOC

(107) 執委會可能認定第三國、第三國內之領域或特定部門、或國際 組織不再達到充足程度之資料保護。因此,向該第三國或國際組織之 個人資料移轉應被禁止,但完成本規則關於移轉所定適當保護措施之 要件被滿足,包括有拘束力之企業守則及存在特定情況之例外者,不 在此限。在該情況,該規範應由執委會及該第三國或國際組織間訂定。 執委會應於適當時間內通知第三國或國際組織其理由,並進入協商程 序以救濟該情形。

(107) The Commission may recognise that a third country, a territory or a specified sector within a third country, or an international organisation no longer ensures an adequate level of data protection. Consequently the transfer of personal data to that third country or international organisation should be prohibited, unless the requirements in this Regulation relating to transfers subject to appropriate safeguards, including binding corporate rules, and derogations for specific situations are fulfilled. In that case, provision should be made for consultations between the Commission and such third countries or international organisations. The Commission should, in a timely manner, inform the third country or international organisation of the reasons and enter into consultations with it in order to remedy the situation.

指南和案例法 发表评论
[js-disqus]