Article 8
|
(Cross-border transmission of personal data on cloud service)
For cloud services involving cross-border transmission of personal data, an organization shall have the encryption transmission system in place, and make sure to comply with the Personal Data Protection Act of the Republic of China for a cloud service provider’s collection, processing, use, international transmission and control and management of personal data. The data subject’s authorization should be obtained prior to transmission and no transmission may violate the competent authority’s restrictions on international transmission. The full audit records should be kept.
|