Back

Establish, implement, and maintain Binding Corporate Rules for the international transfers of restricted data.


CONTROL ID
12584
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a personal data accountability program., CC ID: 13432

This Control has the following implementation support Control(s):
  • Include cooperation mechanisms with the supervisory authority in the Binding Corporate Rules., CC ID: 12682
  • Include the tasks assigned to the role of data controller in the Binding Corporate Rules., CC ID: 12612
  • Include data subject's rights in the Binding Corporate Rules., CC ID: 12596
  • Include the organizational structure and contact information in the Binding Corporate Rules., CC ID: 12595
  • Include the acceptance of liability for breaches of the binding corporate rules in the Binding Corporate Rules., CC ID: 12594
  • Include the mechanisms for reporting legal requirements causing adverse effects on protecting restricted data in the Binding Corporate Rules., CC ID: 12620
  • Include provisions for providing information on the binding corporate rules to the data subject in the Binding Corporate Rules., CC ID: 12593
  • Include reporting changes to the binding corporate rules in the Binding Corporate Rules., CC ID: 12591
  • Include complaint procedures in the Binding Corporate Rules., CC ID: 12613
  • Include the data transfers in the Binding Corporate Rules., CC ID: 12590
  • Include specifying the legally binding nature of the binding corporate rules in the Binding Corporate Rules., CC ID: 12627
  • Include privacy awareness and training in the Binding Corporate Rules., CC ID: 12626


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • A data user shall not transfer personal data to a place outside Hong Kong unless- (Part 6 Section 33(2), Hong Kong Personal Data (Privacy) Ordinance, E.R. 1 of 2013)
  • the transfer is for the avoidance or mitigation of adverse action against the data subject; (Part 6 Section 33(2)(d)(i), Hong Kong Personal Data (Privacy) Ordinance, E.R. 1 of 2013)
  • it is not practicable to obtain the consent in writing of the data subject to that transfer; and (Part 6 Section 33(2)(d)(ii), Hong Kong Personal Data (Privacy) Ordinance, E.R. 1 of 2013)
  • The competent authorities of the People's Republic of China shall handle foreign judicial or law enforcement authorities' requests for personal information stored within China in accordance with relevant laws and the international treaties and agreements concluded or acceded to by the People's Repub… (Article 41, Personal Information Protection Law of the People's Republic of China)
  • X and Y are bound by any contract or other agreement or binding corporate rules requiring the recipient of personal data about P to implement and maintain appropriate safeguards for the personal data. (FIRST SCHEDULE PART 5 ยง 1.(3)(c), Singapore Personal Data Protection Act 2012 (No. 26 of 2012), Revised Edition 2021)
  • In addition to adherence by controllers or processors subject to this Regulation, codes of conduct approved pursuant to paragraph 5 of this Article and having general validity pursuant to paragraph 9 of this Article may also be adhered to by controllers or processors that are not subject to this Reg… (Art. 40.3., Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation))
  • when the transfer is necessary for international legal cooperation between public intelligence, investigative and prosecutorial agencies, in accordance with the instruments of international law; (Art. 33.III, Brazilian Law No. 13709, of August 14, 2018)
  • when the transfer results in a commitment undertaken through international cooperation; (Art. 33.VI, Brazilian Law No. 13709, of August 14, 2018)
  • other specific circumstances relating to the transfer. (Art. 34.VI, Brazilian Law No. 13709, of August 14, 2018)
  • global corporate rules; (Art. 33.II(c), Brazilian Law No. 13709, of August 14, 2018)
  • regularly issued stamps, certificates and codes of conduct; (Art. 33.II(d), Brazilian Law No. 13709, of August 14, 2018)