34
15039/15
VH/np
142
ANNEX
DGD 2C
LIMITE
EN
3.
The Commission, after assessing the adequacy of the level of protection, may decide that a
third country, or a territory or one or morespecified sectors within that third country, or an
international organisation ensures an adequate level of protection within the meaning of
paragraph 2. The implementing act shall provide for a mechanism for a periodic review, at
least every four years, which shall take into account all relevant developments in the third
country or international organisation. The implementing act shall specify its territorial and
sectorial application and, where applicable, identify the supervisory authority or authorities
mentioned in point(b) of paragraph 2. The implementing act shall be adopted in accordance
with the examination procedure referred to in Article 87(2).
3a. (…)
4.
(…)
4a. The Commission shall, on an on-going basis, monitor developments in third countries and
international organisations that could affect the functioning of decisions adopted pursuant to
paragraph 3 and decisions adopted on the basis of Article 25(6) of Directive 95/46/EC.
5.
The Commission shall, where available information reveals, in particular following the review
referred to in paragraph 3, decide that a third country, or a territory or a specified sector
within that third country, or an international organisation no longer ensures an adequate level
of protection within the meaning of paragraph 2 and, to the extent necessary, repeal, amend or
suspend the decision referred to in paragraph 3 without retro-active effect. The implementing
act shall be adopted in accordance with the examination procedure referred to in Article 87(2),
or, in cases of extreme urgency, in accordance with the procedure referred to in Article 87(3).
5a. The Commission shall enter into consultations with the third country or international
organisation with a view to remedying the situation giving rise to the decision made pursuant
to paragraph 5.
Online Remove password from protected PDF file hlep protect your PDF document in C# project, XDoc.PDF provides some PDF security settings. On this page, we will talk about how to achieve this via password.
copy protection pdf; adding a password to a pdf using reader
36
15039/15
VH/np
143
ANNEX
DGD 2C
LIMITE
EN
6.
A decision pursuant to paragraph 5 is without prejudice to transfers of personal data to the
third country, or the territory or specified sector within that third country, or the international
organisation in question pursuant to Articles 42 to 44.
7.
The Commission shall publish in the Official Journal of the European Unionand on its
website a list of those third countries, territories and specified sectors within a third country
and international organisations where it has decided that an adequate level of protection is or
is no longer ensured.
8.
Decisions adopted by the Commission on the basis of Article 25(6) of Directive 95/46/EC
shall remain in force until amended, replaced or repealed by a Commission Decision adopted
in accordance with paragraph 3 or 5.
Article 42
Transfers by way of appropriate safeguards
1.
In the absence of a decision pursuant to paragraph 3 of Article 41, a controller or processor
may transfer personal data to a third country or an international organisation only if the
controller or processor has adduced appropriate safeguards, and on condition that enforceable
data subject rights and effective legal remedies for data subjects are available.
2.
The appropriate safeguards referred to in paragraph 1 may be provided for, without requiring
any specific authorisation from a supervisory authority, by:
(oa) a legally binding and enforceable instrument between public authorities or bodies; or
(a) binding corporate rules in accordance with Article 43; or
(b) standard data protection clauses adopted by the Commission in accordance with the
examination procedure referred to in Article 87(2); or
(c) standarddata protection clauses adopted by a supervisory authority and approved by the
Commission pursuant to the examination procedure referred to in Article 87(2); or
32
15039/15
VH/np
144
ANNEX
DGD 2C
LIMITE
EN
(d) an approved code of conduct pursuant to Article 38 together with binding and
enforceable commitments of the controller or processor in the third country to apply the
appropriate safeguards, including as regards data subjects’ rights; or
(e) an approved certification mechanism pursuant to Article 39 together with binding and
enforceable commitments of the controller or processor in the third country to apply the
appropriate safeguards, including as regards data subjects’ rights.
2a. Subject to the authorisation from the competent supervisory authority, the appropriate
safeguards referred to in paragraph 1 may also be provided for, in particular, by:
(a) contractual clauses between the controller or processor and the controller, processor or
the recipient of the data in the third country or international organisation; or
(b) provisions to be inserted into administrative arrangements between public authorities or
bodies which include enforceable and effective data subject rights.
3.
(…)
4.
(…)
5.
(…)
5a. The supervisory authority shall apply the consistency mechanism referred to in Article 57 in
the cases referred to in paragraph 2a.
5b. Authorisations by a Member State or supervisory authority on the basis of Article 26(2) of
Directive 95/46/EC shall remain valid until amended, replaced or repealed, if necessary, by
that supervisory authority. Decisions adopted by the Commission on the basis of Article 26(4)
of Directive 95/46/EC shall remain in force until amended, replaced or repealed, if necessary,
by a Commission Decision adopted in accordance with paragraph 2.
VB.NET PDF Library SDK to view, edit, convert, process PDF file imaging SDK to load, create, edit, convert, protect, compress, extract Support adding protection features to PDF file by adding password, digital signatures
convert password protected pdf to word online; pdf password remover online How to C#: Basic SDK Concept of XDoc.PDF for .NET Document Protect. You may add PDF document protection functionality into your C# program. To be specific, you can edit PDF password and digital signature, and
create password protected pdf online; pdf password reset
30
15039/15
VH/np
145
ANNEX
DGD 2C
LIMITE
EN
Article 43
Transfers by way of binding corporate rules
1.
The competentsupervisory authority shall approve binding corporate rulesin accordance with
the consistency mechanism set out in Article 57, provided that they:
(a) arelegally binding and apply to and are enforced by every member concerned of the
group of undertakings or groups of enterprises engaged in a joint economic activity,
including their employees;
(b) expressly confer enforceable rights on data subjects with regard to the processing of
their personal data;
(c) fulfil the requirements laid down in paragraph 2.
2.
The binding corporate rules referred to in paragraph 1 shall specify at least:
(a) the structure and contact details of the concerned group and of eachof its members;
(b) the data transfers or set of transfers, including the categories of personal data, the type
of processing and its purposes, the type of data subjects affected and the identification
of the third country or countries in question;
(c) their legally binding nature, both internally and externally;
(d) the application of the general data protection principles, in particular purpose
limitation, data minimisation, limited storage periods, data quality, data protection by
design and by default, legal basis for the processing, processing of special categories of
personal data, measures to ensure data security, and the requirements in respect of
onward transfers to bodies not bound by the binding corporate rules;
VB.NET PDF: Basic SDK Concept of XDoc.PDF Document Protect. You may add PDF document protection functionality into your VB.NET program. To be specific, you can edit PDF password and digital signature
break password on pdf; convert password protected pdf files to word online
33
15039/15
VH/np
146
ANNEX
DGD 2C
LIMITE
EN
(e) the rights of data subjects in regard to the processing of their personal data and the
means to exercise these rights, including the right not to be subject to decisions based
solely on automated processing, including profiling in accordance with Article 20, the
right to lodge a complaint before the competent supervisory authority and before the
competent courts of the Member States in accordance with Article 75, and to obtain
redress and, where appropriate, compensation for a breach of the binding corporate
rules;
(f) the acceptance by the controller or processor established on the territory of a Member
State of liability for any breaches of the binding corporate rules by any member
concerned not established in the Union; the controller or the processor may only be
exempted from this liability, in whole or in part, on proving that that member is not
responsible for the event giving rise to the damage;
(g) how the information on the binding corporate rules, in particular on the provisions
referred to in points (d), (e) and (f) of this paragraph is provided to the data subjects in
addition to Articles 14 and 14a;
(h) the tasks of any data protection officer designated in accordance with Article 35 or any
other person or entity in charge of the monitoring compliance with the binding
corporate rules within the group, as well as monitoring the training and complaint
handling;
(hh) the complaint procedures;
(i) the mechanisms within the group for ensuring the verification of compliance with the
binding corporate rules. Such mechanisms shall include data protection audits and
methods for ensuring corrective actions to protect the rights of the data subject. Results
of such verification should be communicated to the person or entity referred under point
(h) and to the board of the controlling undertaking or of the group of enterprises, and
should be available upon request to the competent supervisory authority;
26
15039/15
VH/np
147
ANNEX
DGD 2C
LIMITE
EN
(j) the mechanisms for reporting and recording changes to the rules and reporting these
changes to the supervisory authority;
(k) the co-operation mechanism with the supervisory authority to ensure compliance by any
member of the group, in particular by making available to the supervisory authority the
results of verifications of the measures referred to in point (i) of this paragraph;
(l) the mechanisms for reporting to the competent supervisory authority any legal
requirements to which a member of the group is subject in a third country which are
likely to have a substantial adverse effect on the guarantees provided by the binding
corporate rules; and
(m) the appropriate data protection training to personnel having permanent or regular access
to personal data.
2a. (…)
3.
(…)
4.
The Commission may specify the format and procedures for the exchange of information
between controllers, processors and supervisory authorities for binding corporate rules within
the meaning of this Article. Those implementing acts shall be adopted in accordance with the
examination procedure set out in Article 87(2).
33
15039/15
VH/np
148
ANNEX
DGD 2C
LIMITE
EN
Article 43a (new)
Transfers or disclosures not authorised by Union law
1.
Any judgment of a court or tribunal and any decision of an administrative authority of a third
country requiring a controller or processor to transfer or disclose personal data may only be
recognised or enforceable in any manner if based on an international agreement, such as a
mutual legal assistance treaty, in force between the requesting third country and the Union or
a Member State, without prejudice to other grounds for transfer pursuant to this Chapter.
Article 44
Derogations for specific situations
1.
In the absence of an adequacy decision pursuant to paragraph 3 of Article 41, or of
appropriate safeguards pursuant to Article 42, including binding corporate rules, a transfer or
a set of transfers of personal data to a third country or an international organisation may take
place only on condition that:
(a) the data subject has explicitly consented to the proposed transfer, after having been
informed of the possible risks of such transfers for the data subject due to the absence of
an adequacy decision and appropriate safeguards; or
(b) the transfer is necessary for the performance of a contract between the data subject and
the controller or the implementation of pre-contractual measures taken at the data
subject's request; or
(c) the transfer is necessary for the conclusion or performance of a contract concluded in
the interest of the data subject between the controller and another natural or legal
person; or
(d) the transfer is necessary for important reasons of public interest; or
(e) the transfer is necessary for the establishment, exercise or defence of legal claims; or
34
15039/15
VH/np
149
ANNEX
DGD 2C
LIMITE
EN
(f) thetransfer is necessary in order to protect the vital interests of the data subject or of
other persons, where the data subject is physically or legally incapable of giving
consent; or
(g) the transfer is made from a register which according to Union or Member State law is
intended to provide information to the public and which is open to consultation either by
the public in general or by any person who can demonstrate a legitimate interest, but
only to the extent that the conditions laid down in Union or Member State law for
consultation are fulfilled in the particular case; or
(h) Where a transfer could not be based on a provision in Articles 41 or 42, including
binding corporate rules, and none of the derogations for a specific situation pursuant to
points(a) to (g) is applicable, a transfer to a third country or an international
organisation may take place only if the transfer is not repetitive, concerns only a limited
number of data subjects, is necessary for the purposes of compelling legitimate interests
pursued by the controller which are not overridden by the interests or rights and
freedoms of the data subject, where the controller has assessed all the circumstances
surrounding the data transfer and based on this assessment adduced suitable safeguards
with respect to the protection of personal data. The controller shall inform the
supervisory authority of the transfer. The controller shall in addition to the information
referred to in Article 14 and Article 14a, inform the data subject about the transfer and
on the compelling legitimate interests pursued by the controller.
2.
A transfer pursuant to point (g) of paragraph 1 shall not involve the entirety of the personal
data or entire categories of the personal data contained in the register. When the register is
intended for consultation by persons having a legitimate interest, the transfer shall be made
only at the request of those persons or if they are to be the recipients.
3.
(…)
33
15039/15
VH/np
150
ANNEX
DGD 2C
LIMITE
EN
4.
Points (a),(b), (c) and (h) of paragraph 1 shall not apply to activities carried out by public
authorities in the exercise of their public powers.
5.
The public interest referred to in point (d) of paragraph 1 must be recognised in Union law or
in the law of the Member State to which the controller is subject.
5a. In the absence of an adequacy decision, Union law or Member State law may, for important
reasons of public interest, expressly set limits to the transfer of specific categories of personal
data to a third country or an international organisation. Member States shall notify such
provisions to the Commission.
6.
The controller or processor shall document the assessment as well as the suitable safeguards
referred to in point (h) of paragraph 1 in the records referred to in Article 28.
7.
(…).
Article 45
International co-operation for the protection of personal data
1.
In relation to third countries and international organisations, the Commission and supervisory
authorities shall take appropriate steps to:
(a) develop international co-operation mechanisms to facilitate the effective enforcement of
legislation for the protection of personal data;
(b) provide international mutual assistance in the enforcement of legislation for the
protection of personal data, including through notification, complaint referral,
investigative assistance and information exchange, subject to appropriate safeguards for
the protection of personal data and other fundamental rights and freedoms;
Documents you may be interested
Documents you may be interested