合规法令英语长篇：想要从事数据与隐私维护合规的学习、作业途径
免责声明 disclaimer
本次共享的意图是供给法令英语学习的材料和信息。这些材料和信息仅供参阅，并不能被视为构成任何方法的法令主张。咱们不对因运用这些材料和信息所造成的使的任何成果承担任何责任。the purpose of this sharing is to provide materials and information for learning legal english. these materials and information are for reference only and should not be construed as constituting any form of legal advice. we do not accept any responsibility for any consequences arising from the use of these materials and information.
不打无预备之战，想好自个将来的作业打开方向，需要预备哪方面的技能？提前规划就可以战无不堪， live by design, not by default.
2、深化晓得gdpr的立法布景与首要内容，在实习大学，前沿常识。
3、几项从业者可以需要从事的作业：dpia数据维护影响评价
评定的要素包括：数据处置的性质、规模、上下文和意图；数据主体的数量、多样性和活络性；自个数据的传输方法、存储方法和处置方法；数据处置对数据主体权力的影响；数据平安和秘要性的维护办法；是不是存在数据同享、数据转让和世界数据转移等要素。评定进程大约透彻、具体、通明，且要记载一切评定成果和抉择计划，以备将来检查和监管之用。
the elements that need to be evaluated include: the nature, scope, context, and purposes of the processing activities; the number, diversity, and sensitivity of data subjects; the way personal data is transmitted, stored, and processed; the impact of the processing activities on the data subjects’ rights; the measures taken to ensure data security and confidentiality; and factors such as data sharing, transfers, and international data transfers. the assessment process should be thorough, detailed, transparent, and all assessment results and decisions should be documented for future review and regulatory oversight.
4、评定dpa数据处置协议要素
欧盟通用数据维护规则下，数据处置协议有必要包括以下要素：
数据处置意图和方法的清楚阐明；
数据主体权力的保证，包括造访、更正、删去、捆绑、数据可带着性等；
数据处置的合法性根据；
数据处置期限的清楚规则；
数据处置平安保证办法的清楚阐明；
子处置者的打点和监控。
under the eu general data protection regulation (gdpr), a data processing agreement must include the following elements:
a clear description of the purpose and methods of data processing;
safeguards for data subject rights, including access, correction, deletion, restriction, and data portability;
the legal basis for data processing;
a clear specification of the data processing period;
a clear description of data processing security measures;
management and monitoring of subprocessors.
these elements are based on the gdpr and other relevant laws and regulations.
01法学生数据合规从业预备?
作为一名刚结业或许接近结业的律师想要从事数据与隐私法领域，你需要做以下几方面的尽力和晓得以下法令：
as a new lawyer who wants to specialize in data and privacy law, you need to make efforts and understand the following legal aspects:
学习数据维护和隐私法令规划。你需要晓得一些中心的法令规划，例如欧洲的《通用数据维护规则》（gdpr）和美国的《加州花费者隐私法》（ccpa）。这些法令将会变成你作业的基础。
learn the legal framework of data protection and privacy. you need to understand some core legal frameworks, such as europe’s general data protection regulation (gdpr) and the california consumer privacy act (ccpa) in the united states. these laws will form the basis of your work.
learn data security and cyber security laws. you need to understand the laws and regulations related to data protection and cyber security, such as the cybersecurity information sharing act (cisa) in the united states and the network and information security directive (nis) in europe.
学习数据隐私与平安的技能方面。你需要晓得一些基础的核算机科学常识，例如数据库打点和数据加密等。这些常识可以协助你非常好地了解和处置与数据和隐私有关的法令疑问。
learn the technical aspects of data privacy and security. you need to understand some basic computer science knowledge, such as database management and data encryption. this knowledge can help you better understand and solve legal issues related to data and privacy.
加强交流和商洽技巧。你需肄业会与客户和其他专业人员进行有用的交流和商洽。因为在数据和隐私领域，你需要常常与技能人员和事务人员交流，以便非常好地了解客户的需要和处置方案。
enhance communication and negotiation skills. you need to learn how to effectively communicate and negotiate with clients and other professionals. because in the field of data and privacy, you need to frequently communicate with technical and business personnel to better understand the needs and solutions of clients.
build a professional network. you can participate in relevant legal and technical conferences, seminars, etc. to establish a professional network and understand the latest legal and technological developments.
假定你想在数据与隐私法领域打开作业生计，你需要做好以下预备：
if you want to develop a career in data and privacy law, you need to prepare the following:
树立杰出的法令基础。你需要具有厚实的法令常识和技能，包括法令研讨、起草法令文件、诉讼和法令说明等。
establish a strong legal foundation. you need to have solid legal knowledge and skills, including legal research, drafting legal documents, litigation, and legal interpretation.
学习有关技能。你需肄业习数据分析、信息打点和信息技能等有关技能，以便非常好地了解客户需要和处置数据和隐私疑问。
learn relevant skills. you need to learn skills such as data analysis, information management, and information technology to better understand client needs and handle data and privacy issues.
拓宽事务和作业常识。你需要晓得客户地址的作业和事务，以便非常好地供给法令征询和处置方案。
expand business and industry knowledge. you need to understand the industry and business where the client operates to provide better legal advice and solutions.
掌控言语才能。你需要具有流利的英语读写才能，因为在数据和隐私领域，你需要阅览和了解各种世界法令文件和合同。
master language skills. you need to have fluent english reading and writing skills because in the field of data and privacy, you need to read and understand various international legal documents and

contracts.
寻找机缘。你可以寻找机缘在律师事务所、公司或政府机构等场所实习或作业，以便非常好地晓得并堆集实习经历。
find opportunities. you can look for opportunities to intern or work in law firms, companies, or government agencies to better understand and accumulate practical experience.
02通用数据维护规则
1.布景
关于欧盟通用数据维护规则的出台，议论纷纷。
有人拿欧盟某所大学因为被忘掉权的行使，使得许多犹太学生逃过大残杀虐待来证明数据维护和被忘掉权删去权的可贵。
也有人用欧洲高人权优势来保卫其立法的合理性，但也有人批判，欧盟严肃的数据维护是因为欧盟本乡短少大型互联网公司，所以严肃的立法添加了其他国家大型互联网公司的合规本钱，给欧盟本乡小公司以一丝喘息的机缘。
更有人不屑的认为欧盟通用数据维护规则尽管是一个极好的立法模本，但其出台却意味着欧盟经济体走向了虚弱。
下面从正派的视点来介绍这部法令。
通用数据维护规则（gdpr）是欧盟为了加强对公民自个隐私的维护而拟定的一项法令。
the general data protection regulation (gdpr) is a law enacted by the eu to strengthen the protection of citizens’ personal privacy.
这项法令是为了标准欧盟内部以及与欧盟成员国有事务交游的公司和组织在处置自个数据时的行为。
this law aims to regulate the behavior of companies and organizations that operate within the eu or have business dealings with eu member states when handling personal data.
在拟定gdpr之

前，欧盟的数据维护法令法规相对较为涣散和落后，不能极好地保证公民的自个隐私。
before the enactment of gdpr, the eu’s data protection laws and regulations were relatively fragmented and outdated, which could not effectively protect citizens’ personal privacy.
gdpr的出台使得欧盟内自个数据维护的法令法规愈加共同和完善，保证公民的隐私权益。
the introduction of gdpr has made the eu’s laws and regulations on personal data protection more unified and complete, protecting the privacy rights and interests of citizens.
2.重要术语与界说
供对这个法令上没有无缺概念的同学做一个简略的参阅。过后可以自个对 gdpr进行完善的研讨。
以下是欧洲通用数据维护规则（gdpr）中的一些首要界说，包括中英双语对照：
自个数据 (personal data)：任何触及天然人的信息，例如名字、地址、电子邮件地址、ip地址、相片等。(any information relating to an identified or identifiable natural person, such as name, address, email address, ip address, photograph, etc.)
处置 (processing)：对自个数据进行任何操作的进程，例如搜集、记载、组织、存储、传输、更改、删去等。(any operation performed on personal data, such as collection, recording, organization, storage, transmission, alteration, deletion, etc.)
数据控制者 (controller)：对自个数据进行处置的机构或自个，断定如何运用数据并承担有关责任。(the organization or individual that processes personal data, determines how the data is used and assumes related responsibilities.)
数据处置者 (processor)：代表控制器处置自个数据的机构或自个。(the organization or individual that processes personal data on behalf of the controller.)
数据维护官 (data protection officer, dpo)：担任监督控制器或处置者恪守数据维护规则的专业人员。(a professional responsible for overseeing the controller or processor’s compliance with data protection regulations.)
附和 (consent)：关于自个数据的处置，自愿且清楚的附和，有必要是特定、知情和清楚的。(voluntary and explicit agreement for the processing of personal data, which must be specific, informed, and unambiguous.)
违规告诉 (data breach notification)：当数据泄露可以会对自个权力和安适发生高风险时，有必要在72小时内向监管机构和数据主体告诉。(notification to regulatory authorities and data subjects within 72 hours when a data breach is likely to result in high risk to the rights and freedoms of individuals.)
隐私影响评价 (privacy impact assessment, pia)：关于数据处置可以会对自个发生高风险的情况，有必要进行风险评价。(risk assessment for data processing that may result in high risk to individuals.)
数据主体权力：gdpr清楚规则了数据主体（即数据的有关人员）的权力，包括造访其自个数据、更正其自个数据、删去其自个数据、捆绑其自个数据的处置、数据可带着性等。data subject rights: gdpr clearly defines the rights of data subjects (i.e. individuals whose data is being processed), including the right to access their personal data, correct their personal data, delete their personal data, restrict the processing of their personal data, data portability, and more.
数据主体在通用数据维护规则下具有以下首要权力：
造访权：数据主体有权恳求组织招认是不是正在处置其自个数据，以及获取与其有关的数据的副本。
right of access: data subjects have the right to request confirmation from organizations as to whether or not their personal data is being processed, and to obtain a copy of the data related to them.
更正权：数据主体有权恳求组织更正其不精确或不无缺的自个数据。
right of rectification: data subjects have the right to request that organizations correct any inaccurate or incomplete personal data.
删去权：数据主体有权恳求组织删去其自个数据，但仅在数据不再必要、数据处置违背法规、或许数据主体撤回附和等情况下。
right of erasure: data subjects have the right to request that organizations delete their personal data, but only where the data is no longer necessary, the processing is in breach of the law, or the data subject has withdrawn consent.
捆绑处置权：数据主体有官僚求组织捆绑其自个数据的处置，但仅在特定条件下，例如数据精确性有争议或处置不当。
right to restrict processing: data subjects have the right to request that organizations restrict the processing of their personal data, but only under certain conditions, such as disputed accuracy or improper processing.
数据可带着性权：数据主体有官僚求组织以通用格局供给其自个数据的副本，以便将其转移到另一个组织。
right to data portability: data subjects have the right to request that organizations provide them with a copy of their personal data in a commonly used format, so that it can be transferred to another organization.
对立权：数据主体有权对立组织处置其自个数据，但仅在特定条件下，例如根据自个情况进行直接推广。
right to object: data subjects have the right to object to the processing of their personal data by organizations, but only under certain conditions, such as for direct marketing based on personal circumstances.
数据维护官（dpo）：gdpr需求一些组织有必要指定一个数据维护官，担任监督组织的数据维护方针和程序是不是契合gdpr的需求。data protection officer (dpo): gdpr requires some organizations to appoint a data protection officer, who is responsible for overseeing the organization’s data protection policies and procedures to ensure compliance with gdpr requirements.
违规处置：gdpr对违背规则的赏罚非常严肃，最高可罚款高达全球年运营额的4%或2,000万欧元（取两者中的最大值），一起还可以面临名誉丢掉、诉讼等风险。penalties for non-compliance: gdpr imposes severe penalties for violations, with fines of up to 4% of global annual revenue or €20 million (whichever is greater), as well as the potential for reputational damage, lawsuits, and other risks.
03dpia
dpia是数据维护影响评价的缩写，是指在进行某些特定的数据处置活动之前，根据gdpr的规则进行的一项评价，旨在断定并处置这些活动可以对数据主体的隐私和数据维护权力发生的风险。
a dpia (data protection impact assessment) is an assessment carried out under the gdpr (general data protection regulation) that aims to identify and mitigate risks to individuals’ privacy and data protection rights from specific data processing activities before they are carried out.
大约留心哪些风险峻害？值得评定的要素包括：
there are several key risk factors that dpos should be aware of when conducting a dpia. elements that should be evaluated include:
1.数据处置的性质、规模、上下文和意图；
the nature, scope, context, and purpose of the data processing;
2.数据处置的可以影响和风险，包括数据主体的权力和安适、秘要性、无缺性和可用性；
the potential impacts and risks of the data processing, including to individuals’ rights and freedoms, confidentiality, integrity, and availability;
3.处置活络数据的风险；
the risks associated with processing sensitive data;
4.处置很大都据的风险；
the risks associated with processing large amounts of data;
5.数据处置触及跨境传输的风险；
the risks associated with cross-border data transfers;
6.数据处置的技能和组织平安办法；
the technical and organizational security measures in place for the data processing;
7.处置数据的参加方（包括第三方）的可信度。
the trustworthiness of parties (including third parties) involved in the data processing.
04数据处置协议dpa
一份合格的数据处置协议大约大致包括以下要素：
1.数据处置的意图和规模：该协议应清楚阐明数据的运用规模和意图，而且需要与数据主体的授权共同。
purpose and scope of data processing: the agreement should clearly state the scope and purpose of data use, and must be consistent with the authorization of the data subject.
法令根据：gdpr第5条第1款(a)和(b)款，第6条第1款(b)款。
legal basis: article 5(1)(a) and (b), article 6(1)(b) of the gdpr.
2.数据主体权力：协议大约清楚阐明数据主体享有哪些权力，包括造访、更正、删去、捆绑处置、数据可带着性和对立处置等。
data subject rights: the agreement should clearly state what rights the data subject has, including the right to access, correct, delete, restrict processing, data portability and object to processing.
法令根据：gdpr第12-23条。
legal basis: articles 12-23 of the gdpr.
3.数据处置平安：协议大约包括清楚的数据平安办法，以保证数据平安，包括技能和组织方面的办法。
data processing security: the agreement should contain clear data security measures to ensure data security, including technical and organizational measures.
法令根据：gdpr第32-34条。
legal basis: articles 32-34 of the gdpr.
4.第三方数据处置：假定数据处置触及第三方，协议大约包括必要的授权和监管规则，以保证这些第三方的数据处置契合gdpr的规则。
third-party data processing: if data processing involves third parties, the agreement should include necessary authorizations and regulatory provisions to ensure that these third-party data processing activities comply with the gdpr.
法令根据：gdpr第28-29条。
legal basis: articles 28-29 of the gdpr.
5.数据搬场：假定数据需要从欧盟移动到非欧盟国家，协议大约包括必要的数据维护规则，以保证数据的平安性和隐私性。
data transfer: if data needs to be transferred from the eu to non-eu countries, the agreement should include necessary data protection provisions to ensure data security and privacy.
法令根据：gdpr第44-50条。
legal basis: articles 44-50 of the gdpr.
6.违规处置的成果：协议大约包括违规处置的成果和可以的抵偿方案。
consequences of non-compliant processing: the agreement should include the consequences of non-compliant processing and possible compensation schemes.
法令根据：gdpr第82-84条。
legal basis: articles 82-84 of the gdpr.
之后再持续写内容，这种方法感触还不错，假定看不理解内容的话，也可以学一下法令英语词汇，就当有志于将来数据维护合规从业者提前了解一下自个将来作业。
之后有空可以还会带来更多的这类的内容，包括：
归纳学习市道上揭露可见的隐私维护声明来分析隐私维护声明首要包括哪些要素，以及有哪些，留心的点？
爬虫合规的中英双语。
app合规的中英双语。
跨境并购的有关术语中英对照学习。
api接口合规中英双语
跨境争议处置常用术语对照学习。
争议处置根据法归于对照学习。
跨境出资裁定术语对照学习。
想看的可以给我一键三连或许请我喝杯咖啡，谢谢我们。