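Personal Information Protection Impact Assessment Report - Template (Cross-border Transfer Version) (Chinese-English Bilingual Version)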

2023-06-21 13:11

Personal Information Protection Impact Assessment Report (Template)
(For Cross-border Transfer of Personal Information)

I. Overview of Assessment Work

Describe how the assessment was carried out, including its start and end dates, organizational arrangements, implementation process, and implementation methods. If a third-party organization participated in the assessment, describe that organization's basic information and its involvement in the assessment, and affix the third-party organization's official seal to the relevant content pages.
II. Overview of Cross-border Transfer Activities
Describe in detail the basic information of the personal information processor, the business and information systems involved in the cross-border transfer of personal information, the personal information to be transferred abroad, the personal information processor's ability to protect personal information, the overseas recipient, whether personal information is provided to third parties, and how implementation of the standard contract terms is ensured. This includes, but is not limited to:
(1) Basic Information of the Personal Information Processor
1. Basic information of the organization or individual;
2. Equity structure and actual controller information;
3. Organizational structure information;
4. Information on the personal information protection body;
5. Overall business and personal information situation;
6. Domestic and overseas investment situation.
(2) Business and Information Systems Involved in the Cross-border Transfer of Personal Information
1. Basic information on the business involved in the cross-border transfer of personal information;
2. Collection and use of personal information by the business involved in the cross-border transfer of personal information;
3. Information systems of the business involved in the cross-border transfer of personal information;
4. Data centers (including cloud services) involved in the cross-border transfer of personal information;
5. Relevant information on the transmission link used for the cross-border transfer of personal information.
(3) Personal Information Intended for Cross-border Transfer
1. Explain the purpose, scope, and method of personal information processing by the personal information processor and the overseas recipient, as well as their legality, legitimacy, and necessity;
2. Explain the scale, scope, type, and sensitivity of the personal information to be transferred abroad, and any processing of sensitive personal information or use of personal information for automated decision-making;
3. The system platforms, data centers, etc. where the personal information to be transferred is stored domestically, and the system platforms, data centers, etc. where it is planned to be stored after the transfer;
4. Any provision of the personal information to other overseas recipients after the cross-border transfer.
(4) Personal Information Protection Capabilities of the Personal Information Processor
1. Personal information security management capabilities, including the management organization structure and the development of policies, and the policies for whole-process management, emergency response, and protection of personal information rights and interests, together with their implementation;
2. Personal information security technical capabilities, including the technical security measures taken throughout the collection, storage, use, processing, transmission, provision, public disclosure, and deletion of personal information;
3. Proof of the effectiveness of personal information protection measures, such as personal information protection certification, personal information protection compliance audits, and cybersecurity classified protection assessments that have been carried out;
4. Compliance with laws and regulations relating to personal information protection.
(5) Overseas Recipient
1. Basic information of the overseas recipient;
2. The purposes and methods for which the overseas recipient processes personal information;
3. Personal information protection capabilities of the overseas recipient;
4. Personal information protection policies and regulations in the country or region where the overseas recipient is located;
5. Description of the entire process by which the overseas recipient processes personal information.
(6) Other matters that the personal information processor considers necessary to explain.
III. Impact Assessment of the Planned Cross-border Transfer Activities
Describe the impact assessment for each of the following items in turn, focusing on the problems and potential risks identified in the assessment, the rectification measures taken in response, and the results of that rectification.
(1) The legality, legitimacy, and necessity of the purpose, scope, method, etc. of personal information processing by the personal information processor and the overseas recipient;
(2) The scale, scope, type, and sensitivity of the personal information to be transferred abroad, and the risks to personal information rights and interests that may arise from the cross-border transfer;
(3) The obligations the overseas recipient undertakes to assume, and whether its management and technical measures and capabilities for fulfilling those obligations can ensure the security of the personal information transferred abroad;
(4) The risk of the personal information being tampered with, destroyed, leaked, lost, or unlawfully used after the cross-border transfer, and whether the channels for safeguarding personal information rights and interests are unobstructed;
(5) The impact of the personal information protection policies and regulations of the country or region where the overseas recipient is located on the performance of the standard contract;
(6) Other matters that may affect the security of the cross-border transfer of personal information.
IV. Conclusions of the Impact Assessment of Cross-border Transfer Activities
Based on the impact assessment above and the corresponding rectification, give an objective impact assessment conclusion on the cross-border transfer of personal information, and fully explain the reasons and evidence supporting that conclusion.

Source: WeChat official account “C位数据谈”

Contact email: cathy.wu@watsonband.com


