interactive GDPR 2016/0679 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- personal data
- processing
- restriction of processing
- profiling
- pseudonymisation
- filing system
- controller
- processor
- recipient
- third party
- consent
- personal data breach
- genetic data
- biometric data
- data concerning health
- main establishment
- representative
- enterprise
- group of undertakings
- binding corporate rules
- supervisory authority
- supervisory authority concerned
- cross-border processing
- relevant and reasoned objection
- information society service
- international organisation
- article 8
- processor 7
- controller 7
- data 7
- appropriate 6
- supervisory_authority 6
- enforceable 6
- country 6
- referred 6
- third 6
- safeguards 6
- article 5
- pursuant 5
- rights 4
- between 4
- commission 4
- adopted 4
- paragraph 3
- shall 3
- approved 3
- subjects 3
- binding 3
- accordance 3
- clauses 3
- apply 3
- provided 3
- decision 3
- personal_data 3
- transfer 3
- subject 3
- transfers 2
- international_organisation 2
- procedure 2
- remain 2
- examination 2
- together 2
- mechanism 2
- administrative 2
- union 2
- force 2
- regards 2
- commitments 2
- including 2
- standard 2
- protection 2
- basis 2
- authorisation 2
- only 2
- requiring 2
- without 2
Article 46
Transfers subject to appropriate safeguards
1. In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer personal_data to a third country or an international_organisation only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
2. The appropriate safeguards referred to in paragraph 1 may be provided for, without requiring any specific authorisation from a supervisory_authority, by:
(a) | a legally binding and enforceable instrument between public authorities or bodies; |
(b) | binding_corporate_rules in accordance with Article 47; |
(c) | standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in Article 93(2); |
(d) | standard data protection clauses adopted by a supervisory_authority and approved by the Commission pursuant to the examination procedure referred to in Article 93(2); |
(e) | an approved code of conduct pursuant to Article 40 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights; or |
(f) | an approved certification mechanism pursuant to Article 42 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights. |
3. Subject to the authorisation from the competent supervisory_authority, the appropriate safeguards referred to in paragraph 1 may also be provided for, in particular, by:
(a) | contractual clauses between the controller or processor and the controller, processor or the recipient of the personal_data in the third country or international_organisation; or |
(b) | provisions to be inserted into administrative arrangements between public authorities or bodies which include enforceable and effective data subject rights. |
4. The supervisory_authority shall apply the consistency mechanism referred to in Article 63 in the cases referred to in paragraph 3 of this Article.
5. Authorisations by a Member State or supervisory_authority on the basis of Article 26(2) of Directive 95/46/EC shall remain valid until amended, replaced or repealed, if necessary, by that supervisory_authority. Decisions adopted by the Commission on the basis of Article 26(4) of Directive 95/46/EC shall remain in force until amended, replaced or repealed, if necessary, by a Commission Decision adopted in accordance with paragraph 2 of this Article.
Article 48
Transfers or disclosures not authorised by Union law
Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal_data may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State, without prejudice to other grounds for transfer pursuant to this Chapter.
whereas
dal 2004 diritto e informatica