Establish, implement, and maintain Binding Corporate Rules for the international transfers of restricted data.
CONTROL ID 12584
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain a personal data accountability program., CC ID: 13432
This Control has the following implementation support Control(s):
Include cooperation mechanisms with the supervisory authority in the Binding Corporate Rules., CC ID: 12682
Include the tasks assigned to the role of data controller in the Binding Corporate Rules., CC ID: 12612
Include data subject's rights in the Binding Corporate Rules., CC ID: 12596
Include the organizational structure and contact information in the Binding Corporate Rules., CC ID: 12595
Include the acceptance of liability for breaches of the binding corporate rules in the Binding Corporate Rules., CC ID: 12594
Include the mechanisms for reporting legal requirements causing adverse effects on protecting restricted data in the Binding Corporate Rules., CC ID: 12620
Include provisions for providing information on the binding corporate rules to the data subject in the Binding Corporate Rules., CC ID: 12593
Include reporting changes to the binding corporate rules in the Binding Corporate Rules., CC ID: 12591
Include complaint procedures in the Binding Corporate Rules., CC ID: 12613
Include the data transfers in the Binding Corporate Rules., CC ID: 12590
Include specifying the legally binding nature of the binding corporate rules in the Binding Corporate Rules., CC ID: 12627
Include privacy awareness and training in the Binding Corporate Rules., CC ID: 12626
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
A data user shall not transfer personal data to a place outside Hong Kong unless- (Part 6 Section 33(2), Hong Kong Personal Data (Privacy) Ordinance, E.R. 1 of 2013)
the transfer is for the avoidance or mitigation of adverse action against the data subject; (Part 6 Section 33(2)(d)(i), Hong Kong Personal Data (Privacy) Ordinance, E.R. 1 of 2013)
it is not practicable to obtain the consent in writing of the data subject to that transfer; and (Part 6 Section 33(2)(d)(ii), Hong Kong Personal Data (Privacy) Ordinance, E.R. 1 of 2013)
The competent authorities of the People's Republic of China shall handle foreign judicial or law enforcement authorities' requests for personal information stored within China in accordance with relevant laws and the international treaties and agreements concluded or acceded to by the People's Repub… (Article 41, Personal Information Protection Law of the People's Republic of China)
X and Y are bound by any contract or other agreement or binding corporate rules requiring the recipient of personal data about P to implement and maintain appropriate safeguards for the personal data. (FIRST SCHEDULE PART 5 ยง 1.(3)(c), Singapore Personal Data Protection Act 2012 (No. 26 of 2012), Revised Edition 2021)
In addition to adherence by controllers or processors subject to this Regulation, codes of conduct approved pursuant to paragraph 5 of this Article and having general validity pursuant to paragraph 9 of this Article may also be adhered to by controllers or processors that are not subject to this Reg… (Art. 40.3., Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation))
when the transfer is necessary for international legal cooperation between public intelligence, investigative and prosecutorial agencies, in accordance with the instruments of international law; (Art. 33.III, Brazilian Law No. 13709, of August 14, 2018)
when the transfer results in a commitment undertaken through international cooperation; (Art. 33.VI, Brazilian Law No. 13709, of August 14, 2018)
other specific circumstances relating to the transfer. (Art. 34.VI, Brazilian Law No. 13709, of August 14, 2018)
global corporate rules; (Art. 33.II(c), Brazilian Law No. 13709, of August 14, 2018)
regularly issued stamps, certificates and codes of conduct; (Art. 33.II(d), Brazilian Law No. 13709, of August 14, 2018)