导航
GDPR > 第 48 條. 未獲歐盟法授權之移轉或揭露
下载PDF

第 48 條 GDPR. 未獲歐盟法授權之移轉或揭露

Article 48 GDPR. Transfers or disclosures not authorised by Union law

第三國任何法院或法庭裁判及任何行政機關決定,如有要求控管者或 處理者移轉或揭露個人資料者,僅得在基於有效存在於請求之第三國 及歐盟或會員國間之國際協約,如雙邊法律協助條約,且不損及本章 所定移轉之其他法律依據時,始得獲承認或可得執行。

Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State, without prejudice to other grounds for transfer pursuant to this Chapter.

ISO 27701 发表评论
ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to article 48 GDPR:

7.5.1 Identify basis for PII transfer between jurisdictions

Control

The organization should identify and document the relevant basis for transfers of PII between jurisdictions.

Implementation guidance

PII transfer can be subject to legislation and/or regulation depending on the jurisdiction or international organization to which data is to be transferred (and from where it originates).


访问全文

发表评论
[js-disqus]