GDPR - BG CS DE EL EN ES ET FI FR GA IT LV LT MT PT SK SL SV
CAIBIDIL V
Aistrithe sonraí pearsanta go tríú tíortha nó go heagraíochtaí idirnáisiúnta
Roinn 5
Cóid iompair agus deimhniú
Airteagal 47 Rialacha ceangailteacha corporáideacha
1. Formheasfaidh an t-údarás inniúil maoirseachta rialacha ceangailteacha corparáideacha i gcomhréir leis an sásra comhsheasmhachta a leagtar amach in Airteagal 63, ar choinníoll:
|
(a)
|
go mbeidh siad ceangailteach ó thaobh dlí agus go mbeidh feidhm acu maidir le gach comhalta lena mbaineann i ngrúpa gnóthas, nó i ngrúpa fiontar a bhfuil gníomhaíocht chomhpháirteach eacnamaíoch ar bun acu, lena n-áirítear a gcuid fostaithe,agus go ndéanfaidh gach comhalta iad a fhorfheidhmiú;
|
|
(b)
|
go dtabharfaidh siad cearta in-fhorfheidhmithe go sainráite d'ábhar sonraí maidir lena sonraí pearsanta a phróiseáil; agus
|
|
(c)
|
go gcomhlíonfaidh siad na ceanglais atá leagtha síos i mír 2.
|
2. Leis na rialacha ceangailteacha corparáideacha dá dtagraítear i mír 1, sonrófar ar a laghad:
|
(a)
|
struchtúr agus sonraí teagmhála an ghrúpa gnóthas, nó an ghrúpa fiontar a bhfuil gníomhaíocht chomhpháirteach eacnamaíoch ar bun acu agus struchtúr agus sonraí teagmhála gach comhalta den ghrúpa sin;
|
|
(b)
|
na haistrithe sonraí nó na sraith d'aistrithe sonraí, lena n-áirítear na catagóirí sonraí pearsanta, an cineál próiseála agus críocha na próiseála sin, an cineál ábhair sonraí lena mbainfidh agus ainm nó ainmneacha an tríú tír nó na dtríú tíortha;
|
|
(c)
|
iad a bheith de chineál ceangailteach ó thaobh dlí, go hinmheánach agus go seachtrach;
|
|
(d)
|
cur i bhfeidhm na bprionsabal ginearálta maidir le cosaint sonraí, go háirithe teorannú de réir cuspóra, íoslaghdú sonraí, tréimhsí teoranta stórála, cáilíocht sonraí, cosaint sonraí trí dhearadh agus mar réamhshocrú, an bunús dlí atá leis an próiseáil, próiseáil catagóirí speisialta sonraí pearsanta, bearta chun slándáil sonraí a áirithiú agus na ceanglais maidir le sonraí a aistriú ar aghaidh chuig comhlachtaí nach bhfuil faoi cheangal na rialacha ceangailteacha corparáideacha;
|
|
(e)
|
cearta na n-ábhar sonraí maidir le próiseáil agus na modhanna chun na cearta sin a fheidhmiú, lena n-áirítear an ceart gan a bheith faoi réir cinntí atá bunaithe ar phróifíliú, lena n-áirítear próifíliú i gcomhréir le hAirteagal 22, an ceart gearán a thaisceadh leis an údarás inniúil maoirseachta agus le cúirteanna inniúla na mBallstát i gcomhréir le hAirteagal 79, agus an ceart chun sásaimh, agus, nuair is iomchuí, an ceart chun cúiteamh a fháil de bharr sárú ar na rialacha ceangailteacha corparáideacha;
|
|
(f)
|
go nglacann an rialaitheoir nó an próiseálaí atá bunaithe ar chríoch Ballstáit le dliteanas i gcás ina sáraíonn aon chomhalta lena mbaineann nach bhfuil bunaithe san Aontas na rialacha ceangailteacha corparáideacha; ní bheidh an rialitheoir nó an próisealaí díolmhaithe ón dliteanas sin, go páirteach nó go hiomlán, ach amháin má chruthaíonn sé nach bhfuil sé ar dhóigh ar bith freagrach as an imeacht ba shiocair leis an damáiste;
|
|
(g)
|
an bealach a gcuirtear an fhaisnéis faoi na rialacha ceangailteacha corparáideacha, agus faoi na forálacha dá dtagraítear i bpointí (d), (e) agus (f) den mhír seo go háirithe, ar fáil do na hábhair sonraí chomh maith le hAirteagal 13 agus le hAirteagal 14;
|
|
(h)
|
cúraimí aon oifigigh cosanta sonraí a cheaptar i gcomhréir le hAirteagal 37, nó aon duine nó aon eintitis eile atá i gceannas ar fhaireachán a dhéanamh ar chomhlíonadh na rialacha ceangailteacha corparáideacha laistigh de ghrúpa gnóthas, nó grúpa fiontar a bhfuil gníomhaíocht chomhpháirteach eacnamaíoch ar bun acu, chomh maith le faireachán ar oiliúint agus ar an dóigh a ndéileáiltear le gearáin;
|
|
(i)
|
na nósanna imeachta um ghearáin;
|
|
(j)
|
na sásraí laistigh de ghrúpa gnóthas, nó grúpa fiontar a bhfuil gníomhaíocht chomhpháirteach eacnamaíoch ar bun acu lena n-áirithítear go bhfíoraítear comhlíonadh na rialacha ceangailteacha corparáideacha. Áireofar ar na sásraí sin iniúchtaí ar chosaint sonraí agus modhanna lena n-áirithítear gníomhaíochtaí ceartaitheacha chun cearta an ábhair sonraí a chosaint. Ba cheart torthaí an fhíoraithe sin a chur in iúl don duine nó don eintiteas dá dtagraítear i bpointe (h) agus do bhord an ghnóthais rialaithe de ghrúpa gnóthas nóde ghrúpa fiontar a bhfuil gníomhaíocht chomhpháirteach eacnamaíoch ar bun acu, agus ba cheart iad a bheith ar fáil arna iarraidh sin don údarás inniúil maoirseachta;
|
|
(k)
|
na sásraí chun athruithe ar na rialacha a thaifeadadh agus a thuairisciú agus chun tuairisc a thabhairt don údarás maoirseachta faoi na hathruithe sin;
|
|
(l)
|
an sásra don chomhar leis an údarás maoirseachta chun comhlíonadh a áirithiú i gcás gach comhalta den ghrúpa gnóthas, nó grúpa fiontar a bhfuil gníomhaíocht chomhpháirteach eacnamaíoch ar bun acu, go háirithe trí thorthaí na bhfíoruithe ar na bearta dá dtagraítear i bpointe (j) den mhír seo a chur ar fáil don údarás maoirseachta;
|
|
(m)
|
na sásraí chun aon cheanglais dlí a bhfuil comhalta den ghrúpa gnóthas nó grúpa fiontar a bhfuil gníomhaíocht chomhpháirteach eacnamaíoch ar bun acu faoina réir i dtríú tír a thuairisciú don údarás inniúil maoirseachta, ar dóchúil go mbeadh éifeacht shuntasach dhíobhálach aige ar na ráthaíochtaí dá bhforáiltear leis na rialacha ceangailteacha corparáideacha; agus
|
|
(n)
|
an oiliúint iomchuí i ndáil le cosaint sonraí do phearsanra a bhfuil rochtain bhuan nó rialta acu ar shonraí pearsanta.
|
3. Féadfaidh an Coimisiún an fhormáid agus na nósanna imeachta a shonrú maidir le faisnéis a mhalartú idir rialaitheoirí, próiseálaithe agus údaráis mhaoirseachta i gcás rialacha ceangailteacha corparáideacha de réir bhrí an Airteagail seo. Glacfar na gníomhartha cur chun feidhme sin i gcomhréir leis an nós imeachta scrúdúcháin dá dtagraítear in Airteagal 93(2).
- agus 23
- sonraí 21
- bhfuil 12
- lena 10
- ceangailteacha 10
- corparáideacha 10
- ghrúpa 9
- rialacha 9
- chun 9
- eacnamaíoch 7
- gnóthas 7
- fiontar 7
- gníomhaíocht 7
- chomhpháirteach 7
- maoirseachta 7
- maidir 6
- leis 6
- údarás 6
- atá 5
- comhalta 5
- dtagraítear 4
- gcomhréir 4
- pearsanta 4
- réir 4
- cearta 4
- gach 4
- grúpa 4
- ceart 4
- dlí 4
- sásraí 4
- n-áirítear 4
- faoi 4
|
GDPR - BG CS DE EL EN ES ET FI FR GA IT LV LT MT PT SK SL SV
CHAPTER V
Transfers of personal data to third countries or international organisations
Section 5
Codes of conduct and certification
Article 47 Binding corporate rules
1. The competent supervisory authority shall approve binding corporate rules in accordance with the consistency mechanism set out in Article 63, provided that they:
|
(a)
|
are legally binding and apply to and are enforced by every member concerned of the group of undertakings, or group of enterprises engaged in a joint economic activity, including their employees;
|
|
(b)
|
expressly confer enforceable rights on data subjects with regard to the processing of their personal data; and
|
|
(c)
|
fulfil the requirements laid down in paragraph 2.
|
2. The binding corporate rules referred to in paragraph 1 shall specify at least:
|
(a)
|
the structure and contact details of the group of undertakings, or group of enterprises engaged in a joint economic activity and of each of its members;
|
|
(b)
|
the data transfers or set of transfers, including the categories of personal data, the type of processing and its purposes, the type of data subjects affected and the identification of the third country or countries in question;
|
|
(c)
|
their legally binding nature, both internally and externally;
|
|
(d)
|
the application of the general data protection principles, in particular purpose limitation, data minimisation, limited storage periods, data quality, data protection by design and by default, legal basis for processing, processing of special categories of personal data, measures to ensure data security, and the requirements in respect of onward transfers to bodies not bound by the binding corporate rules;
|
|
(e)
|
the rights of data subjects in regard to processing and the means to exercise those rights, including the right not to be subject to decisions based solely on automated processing, including profiling in accordance with Article 22, the right to lodge a complaint with the competent supervisory authority and before the competent courts of the Member States in accordance with Article 79, and to obtain redress and, where appropriate, compensation for a breach of the binding corporate rules;
|
|
(f)
|
the acceptance by the controller or processor established on the territory of a Member State of liability for any breaches of the binding corporate rules by any member concerned not established in the Union; the controller or the processor shall be exempt from that liability, in whole or in part, only if it proves that that member is not responsible for the event giving rise to the damage;
|
|
(g)
|
how the information on the binding corporate rules, in particular on the provisions referred to in points (d), (e) and (f) of this paragraph is provided to the data subjects in addition to Articles 13 and 14;
|
|
(h)
|
the tasks of any data protection officer designated in accordance with Article 37 or any other person or entity in charge of the monitoring compliance with the binding corporate rules within the group of undertakings, or group of enterprises engaged in a joint economic activity, as well as monitoring training and complaint-handling;
|
|
(i)
|
the complaint procedures;
|
|
(j)
|
the mechanisms within the group of undertakings, or group of enterprises engaged in a joint economic activity for ensuring the verification of compliance with the binding corporate rules. Such mechanisms shall include data protection audits and methods for ensuring corrective actions to protect the rights of the data subject. Results of such verification should be communicated to the person or entity referred to in point (h) and to the board of the controlling undertaking of a group of undertakings, or of the group of enterprises engaged in a joint economic activity, and should be available upon request to the competent supervisory authority;
|
|
(k)
|
the mechanisms for reporting and recording changes to the rules and reporting those changes to the supervisory authority;
|
|
(l)
|
the cooperation mechanism with the supervisory authority to ensure compliance by any member of the group of undertakings, or group of enterprises engaged in a joint economic activity, in particular by making available to the supervisory authority the results of verifications of the measures referred to in point (j);
|
|
(m)
|
the mechanisms for reporting to the competent supervisory authority any legal requirements to which a member of the group of undertakings, or group of enterprises engaged in a joint economic activity is subject in a third country which are likely to have a substantial adverse effect on the guarantees provided by the binding corporate rules; and
|
|
(n)
|
the appropriate data protection training to personnel having permanent or regular access to personal data.
|
3. The Commission may specify the format and procedures for the exchange of information between controllers, processors and supervisory authorities for binding corporate rules within the meaning of this Article. Those implementing acts shall be adopted in accordance with the examination procedure set out in Article 93(2).
Link to art.:
- data 18
- group 14
- binding 12
- rules 11
- corporate 10
- supervisory 8
- enterprises 7
- joint 7
- activity 7
- engaged 7
- authority 7
- undertakings 7
- economic 7
- member 6
- processing 6
- accordance 5
- competent 5
- shall 5
- protection 5
- personal 4
- mechanisms 4
- referred 4
- subjects 4
- rights 4
- including 4
- article 4
- within 3
- the 3
- provided 3
- compliance 3
- requirements 3
- transfers 3
|
