查看更多
导航
第一章 總則 (1-4)
第 1 條. 主旨與立法目的第 2 條. 實體適用範圍第 3 條. 領土適用範圍第 4 條. 定義
第二章 原則 (5-11)
第 5 條. 個人資料處理原則第 6 條. 處理之合法性第七條. 同意條件第 8 條. 涉及資訊社會服務適用兒童同意之條件第 9 條. 特殊類型之個人資料處理第 10 條. 涉及前科及犯罪之個人資料處理第 11 條. 不須識別之處理
第三章 資料主體之權利 (12-23)
第 12 條. 資料主體為行使其權利之透明資訊、溝通及管道第 13 條. 蒐集資料主體之個人資料時所提供之資訊第 14 條. 尚未自資料主體取得個人資料時所應提供之資訊第 15 條. 資料主體之接近使用權第 16 條. 更正權第 17 條. 刪除權(「被遺忘權」)第 18 條. 限制處理權第 19 條. 關於更正或刪除個人資料或限制處理之通知義務第 20 條. 資料可攜性權利第 21 條. 拒絕權第 22 條. 個人化之自動決策,包括建檔第 23 條. 限制
第四章 控管者及處理者 (24-43)
第 24 條. 主旨與立法目的第 25 條. 設計及預設之資料保護第 26 條. 共同控管者第 27 條. 非設立於歐盟境內控管者或處理者之代表第 28 條. 處理者第 29 條. 控管者或處理者之處理權限第 30 條. 處理活動之紀錄第 31 條. 與監管機關之合作第 32 條. 處理之安全第 33 條. 向監管機關進行個人資料侵害之通報第 34 條. 向資料主體為個人資料侵害之溝通第 35 條. 資料保護影響評估第 36 條. 事前諮詢第 37 條. 資料保護員之指定第 38 條. 資料保護員之職位第 39 條. 資料保護員之職務第 40 條. 行為守則第 41 條. 經核准之行為守則之監管第 42 條. 認證第 43 條. 認證機構
第五章 個人資料移轉至第三國或國際組織 (44-50)
第 44 條. 移轉之一般原則第 45 條. 基於充足程度保護決定之移轉第 46 條. 須遵守適當保護措施之移轉第 47 條. 有拘束力之企業守則第 48 條. 未獲歐盟法授權之移轉或揭露第 49 條. 特定情形下之例外第 50 條. 個人資料保護之國際合作
第六章 獨立監管機關 (51-59)
第 51 條. 監管機關第 52 條. 獨立第 53 條. 監管機關成員之一般條款第 54 條. 監管機關設立之規則第 55 條. 權限
第 56 條. 領導監管機關之權限
第 57 條. 職務第 58 條. 權力第 59 條. 活動報告
第七章 合作及一致性 (60-70)
第 60 條. 領導監管機關與其他相關監管機關間之合作第 61 條. 互助第 62 條. 監管機關之聯合作業第 63 條. 一致性機制第 64 條. 委員會之意見第 65 條. 委員會之爭議解決第 66 條. 緊急程序第 67 條. 資訊交換第 68 條. 歐洲資料保護委員會第 69 條. 獨立性第 70 條. 委員會之任務第 71 條. 報告第 72 條. 程序第 73 條. 主席第 74 條. 主席之任務第 75 條. 秘書處第 76 條. 保密性
第 8 章 救濟、義務及處罰 (77-84)
第 77 條. 向監管機關提出申訴之權利第 78 條. 對監管機關提起有效司法救濟之權利第 79 條. 對於控管者或處理者提出有效司法救濟之權利第 80 條. 資料主體之代表第 81 條. 停止訴訟程序第 82 條. 賠償請求權及義務第 83 條. 裁處行政罰鍰之一般要件第 84 條. 罰則
第九章 特殊處理情況之規範 (85-91)
第 85 條. 處理與言論及資訊自由第 86 條. 官方文件之處理與公眾接近使用第 87 條. 國民身分證字號之處理第 88 條. 僱傭關係下之處理第 89 條. 為實現公共利益、科學或歷史研究目的或統計目的所為 處理之保護措施及例外規定第 90 條. 保密義務第 91 條. 教會及宗教組織現存之資料保護規定
第十章 授權法及施行法 (92-93)
第 92 條. 授權之行使第 93 條. 執委會之程序
第十一章 最終條款 (94-95)
第 94 條. 歐盟指令第 95/46/EU 號之廢止第 95 條. 與歐盟指令第 2002/58/EC 號之關係第 96 條. 與已締結之協議之關係第 97 條. 執委會報告第 98 條. 對其他資料保護歐盟法案之審查第 99 條. 生效及適用
GDPR > 第 56 條. 領導監管機關之權限
下载PDF

第 56 條 GDPR. 領導監管機關之權限

Article 56 GDPR. Competence of the lead supervisory authority

1. 於不損及第 55 條之前提下,該控管者或處理者之主要分支機構或 該單一分支機構之監管機關,應有權作為該控管者或處理者依第 60 條程序為跨境處理時之領導監管機關。

1. Without prejudice to Article 55, the supervisory authority of the main establishment or of the single establishment of the controller or processor shall be competent to act as lead supervisory authority for the cross-border processing carried out by that controller or processor in accordance with the procedure provided in Article 60.

相关文章
相关文章

2. 如標的事項僅涉及該會員國之單一分支機構、或受嚴重影響之資 料主體僅在該會員國時,各監管機關應有權處理提交至其之申訴、或 對本規則可能之違反,不受第 1 項之限制。

2. By derogation from paragraph 1, each supervisory authority shall be competent to handle a complaint lodged with it or a possible infringement of this Regulation, if the subject matter relates only to an establishment in its Member State or substantially affects data subjects only in its Member State.

3. 於本條第二項之情形,監管機關應通知領導監管機關該事項,不 得無故延遲。領導監管機關應於受通知起三週內,決定是否依第 60 條之程序處理該事項,並應考量監管機關通知之會員國內是否有控管 者或處理者之分支機構。

3. In the cases referred to in paragraph 2 of this Article, the supervisory authority shall inform the lead supervisory authority without delay on that matter. Within a period of three weeks after being informed the lead supervisory authority shall decide whether or not it will handle the case in accordance with the procedure provided in Article 60, taking into account whether or not there is an establishment of the controller or processor in the Member State of which the supervisory authority informed it.

相关文章
相关文章

4. 於領導監管機關決定處理該事項時,應遵循第 60 條之程序。通知 領導監管機關之監管機關得提交裁決草案至領導監管機關。領導監管 機關於依第 60 條第 3 項擬訂裁決時,應盡可能考慮該草案。

4. Where the lead supervisory authority decides to handle the case, the procedure provided in Article 60 shall apply. The supervisory authority which informed the lead supervisory authority may submit to the lead supervisory authority a draft for a decision. The lead supervisory authority shall take utmost account of that draft when preparing the draft decision referred to in Article 60(3).

相关文章
相关文章

5. 於領導監管機關決定不處理該事項時,通知領導監管機關之監管 機關應依第 61 條及第 62 條處理。

5. Where the lead supervisory authority decides not to handle the case, the supervisory authority which informed the lead supervisory authority shall handle it according to Articles 61 and 62.

相关文章
相关文章

6. 領導監管機關應為控管者或處理者於其執行跨境處理時,唯一之 溝通對口。

6. The lead supervisory authority shall be the sole interlocutor of the controller or processor for the cross-border processing carried out by that controller or processor.

通用数据保护条例(EU GDPR)

Source: https://www.ndc.gov.tw/Content_List.aspx?n=F98A8C27A0F54C30

General Data Protection Regulation (EU GDPR)

The latest consolidated version of the Regulation with corrections by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679). Source: EUR-lex.

献技 指南和案例法 发表评论
献技

(36) 控管者於歐盟境內之主要分支機構應為其於歐盟境內核心管理 機構之所在地,但個人資料處理的目的及方式係由控管者於歐盟境內 另一分支機構所決定者,該分支機構應被視為主要分支機構。控管者 於歐盟境內之主要分支機構應按客觀標準判定之,且其應經由穩定之 安排而就個人資料處理之目的及方式等主要決策採取有效及有實際 執行之管理行動。判定主要分支機構之標準不得取決於個人資料處理 是否於該處所為之。為處理個人資料或其處理活動之技術方法或科技之存在與利用,其本身不構成主要分支機構,且因此並非主要分支機構之決定性標準。資料處理者之主要分支機構應為其於歐盟境內核心管理機構之所在地,或其於歐盟境內並無核心管理機構時,為其於歐盟境內為主要處理活動之所在地。於同時涉及控管者及處理者時,主管之領導監管機關應為控管者主要分支機構所在地會員國之監管機關,但處理者之監管機關應被視為係相關監管機關而應參與本規則所定之合作程序。在任何情況下,於裁決草案僅涉及控管者時,有一個或多個分支機構之資料處理者所在之一個或多個會員國監管機關均不得視為係相關監管機關。個人資料處理係由企業集團實施者,控制企業之主要分支機構應被認定為企業集團之主要分支機構,但個人資料處理之目的及方式係由其他企業所決定者,不在此限。

(36) The main establishment of a controller in the Union should be the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union, in which case that other establishment should be considered to be the main establishment. The main establishment of a controller in the Union should be determined according to objective criteria and should imply the effective and real exercise of management activities determining the main decisions as to the purposes and means of processing through stable arrangements. That criterion should not depend on whether the processing of personal data is carried out at that location. The presence and use of technical means and technologies for processing personal data or processing activities do not, in themselves, constitute a main establishment and are therefore not determining criteria for a main establishment. The main establishment of the processor should be the place of its central administration in the Union or, if it has no central administration in the Union, the place where the main processing activities take place in the Union. In cases involving both the controller and the processor, the competent lead supervisory authority should remain the supervisory authority of the Member State where the controller has its main establishment, but the supervisory authority of the processor should be considered to be a supervisory authority concerned and that supervisory authority should participate in the cooperation procedure provided for by this Regulation. In any case, the supervisory authorities of the Member State or Member States where the processor has one or more establishments should not be considered to be supervisory authorities concerned where the draft decision concerns only the controller. Where the processing is carried out by a group of undertakings, the main establishment of the controlling undertaking should be considered to be the main establishment of the group of undertakings, except where the purposes and means of processing are determined by another undertaking.

(124) 凡個人資料之處理係由控管者或處理者於歐盟境內之分支機 構所為,且該控管者或處理者在一個以上之會員國設立分支機構,或 凡資料處理係由控管者或處理者在歐盟境內之單一分支機構所為,而 該處理顯然影響或可能顯然影響一個以上會員國之資料主體者,該控 管者或處理者之主要分支機構或該單一分支機構之監管機關應擔任 領導機關之角色。因控管者或處理者在該會員國境內設有分支機構、 或因居住於該會員國境內之資料主體受到影響,或因已對該會員國之 監管機關提出申訴時,該領導機關應與其他相關機關合作。當資料主 體並非居住於某會員國,而對該國之監管機關提出申訴者,該監管機 關亦應屬相關監管機關。在委員會所負頒佈能涵蓋本規則適用所生任 何疑義之指導原則的任務中,其應得特別在考量因素之判斷標準上頒 佈指導原則,以確認該資料處理是否顯然影響一個以上會員國之資料 主體,以及何者能構成相關且合理之異議。

(124) Where the processing of personal data takes place in the context of the activities of an establishment of a controller or a processor in the Union and the controller or processor is established in more than one Member State, or where processing taking place in the context of the activities of a single establishment of a controller or processor in the Union substantially affects or is likely to substantially affect data subjects in more than one Member State, the supervisory authority for the main establishment of the controller or processor or for the single establishment of the controller or processor should act as lead authority. It should cooperate with the other authorities concerned, because the controller or processor has an establishment on the territory of their Member State, because data subjects residing on their territory are substantially affected, or because a complaint has been lodged with them. Also where a data subject not residing in that Member State has lodged a complaint, the supervisory authority with which such complaint has been lodged should also be a supervisory authority concerned. Within its tasks to issue guidelines on any question covering the application of this Regulation, the Board should be able to issue guidelines in particular on the criteria to be taken into account in order to ascertain whether the processing in question substantially affects data subjects in more than one Member State and on what constitutes a relevant and reasoned objection.

(125) 關於執行依本規則所授予之權力的措施,領導機關應有權限通 過有拘束力之裁決。在身為領導機關之資格下,監管機關應於裁決過 程中密集參與並協調相關監管機關。當該裁決係全部或部分駁回資料 主體之申訴時,受理該申訴之監管機關即應採納該裁決。

(125) The lead authority should be competent to adopt binding decisions regarding measures applying the powers conferred on it in accordance with this Regulation. In its capacity as lead authority, the supervisory authority should closely involve and coordinate the supervisory authorities concerned in the decision-making process. Where the decision is to reject the complaint by the data subject in whole or in part, that decision should be adopted by the supervisory authority with which the complaint has been lodged.

指南和案例法 发表评论
[js-disqus]