导航
GDPR > 第 90 條. 保密義務
下载PDF

第 90 條 GDPR. 保密義務

Article 90 GDPR. Obligations of secrecy

1. 針對控管者或處理者依歐盟或會員國法或國內主管機構所訂規則 負有職業或其他相應之保密義務,且調和個人資料保護權利與保密義 務係適當且有必要者,會員國得就第 58 條第 1 項第 e 點及第 f 點所 定監管機關之權利,訂定具體化規定。該等規定僅適用於控管者或處 理者已因該保密義務所涵蓋之活動中接收或取得個人資料。

1. Member States may adopt specific rules to set out the powers of the supervisory authorities laid down in points (e) and (f) of Article 58(1) in relation to controllers or processors that are subject, under Union or Member State law or rules established by national competent bodies, to an obligation of professional secrecy or other equivalent obligations of secrecy where this is necessary and proportionate to reconcile the right of the protection of personal data with the obligation of secrecy. Those rules shall apply only with regard to personal data which the controller or processor has received as a result of or has obtained in an activity covered by that obligation of secrecy.

相关文章

2. 各會員國應於 2018 年 5 月 25 日前將其依第 1 項通過之規定及任 何後續影響該規定之修正案通知執委會,不得遲延。

2. Each Member State shall notify to the Commission the rules adopted pursuant to paragraph 1, by 25 May 2018 and, without delay, any subsequent amendment affecting them.

献技 发表评论
献技

(164) 關於監管機關自控管者或處理者處取得個人資料及進入其等 辦公處所之權力,在為調和個人資料保護權利與職業秘密之保密義務 間必要之範圍內,會員國得在本規則限制之範圍內以法律具體化規範, 以保護職業或其他相應之保密義務。此無損於會員國現存之義務,即 當歐盟法有所要求時,應通過關於職業秘密規範之義務。

(164) As regards the powers of the supervisory authorities to obtain from the controller or processor access to personal data and access to their premises, Member States may adopt by law, within the limits of this Regulation, specific rules in order to safeguard the professional or other equivalent secrecy obligations, in so far as necessary to reconcile the right to the protection of personal data with an obligation of professional secrecy. This is without prejudice to existing Member State obligations to adopt rules on professional secrecy where required by Union law.

发表评论