摘要
当前世界各国对个人数据保护及其控制权的需求日益迫切,欧盟《通用数据保护条例》在这一背景下出台并全面实施。通过该条例与《中华人民共和国网络安全法》《中华人民共和国个人信息保护法》等在适用范围、数据主体权利、义务主体义务等方面规范的对比可知,该条例的扩张性管辖、数据可携权、被遗忘权、数据保护官制度和有拘束力的公司规则等新条款都对中国企业开展涉欧业务提出了新要求。面对国内外相关条款在适用上的抵牾,中国企业应努力做到严格区分管辖权和市场对象,同时在数据收集、处理及转移等全过程中对欧洲公民个人数据安全提供充分保护,利用数据跨境传输规则的完善加强自身合规建设以规避该条例的管辖。
At present,countries around the world have an increasingly urgent demand for personal data protection andcontrol.The EU′s General Data Protection Regulation has been promulgated and fully implemented in this context.By comparing this regulation with the Network Security Law of the People′s Republic of China and the Personal Information Protection Law of the People′s Republic of China in terms of scope of application,data subject rights,and obligations of obligationsubject,it can be seen that the new provisions of the regulation,such as expansionary jurisdiction,data portability,right to be forgotten,data protection officer system and binding company rules,have put forward new requirements for Chinese enterprises to carry out business related to Europe.In the face of conflicts in the application of relevant provisions at home and abroad,Chinese enterprises should strive to strictly distinguish jurisdiction and market objects,provide full protection for the security of European citizens′ personal data during the entire process of data collection,processing and transfer,and take advantage of the improvement of data cross-border transmission rules to strengthen their own compliance construction in order to avoid the jurisdiction of the regulation.
作者
杨宗凯
YANG Zong-kai(Central South University,Changsha 410012 China)
出处
《新余学院学报》
2022年第2期72-79,共8页
Journal of Xinyu University
基金
国家社科基金项目“产业融合中平台竞争规制与用户权益保障机制研究”(14CFX041)
中南大学研究生科研创新项目“欧盟GDPR视野下我国企业的合规应对研究”(1053320213064)。
关键词
GDPR
企业合规
数据主体
被遗忘权
GDPR
corporate compliance
data subject
right to be forgotten
