LINDDUN Privacy Threat Types - Non-compliance (2)

Continuing the discussion of the seventh threat category, Non-compliance: Nc.1 to Nc.1.2.

Non-compliance

See the previous post.

Nc.1 Regulatory non-compliance

See the previous post.

Nc.1.2 Generic regulatory non-compliance

A general description of non-compliance with regulations (non-specific to a particular legal regime or environment).

Criteria

  • Jurisdiction with privacy laws

    • Will the system be used in jurisdictions with specific rules for personal data processing (e.g., the EU)?
  • System/processing does not adhere to applicable rules

    • Does the system, or its processing activities, violate one or more rules in these applicable regulation(s)?

Examples

  • No legal ground for processing under GDPR

    • The system processes information of EU citizens without a valid legal ground under GDPR.
  • Selling data in violation of the CCPA

    • The system shares user information with third parties, violating 'Do Not Sell My Data' rights under the CCPA.

Impact

  • Fines and sanctions

    • Non-compliance with local regulations may lead to hefty fines or other sanctions.
  • Reputational damage due to high-profile lawsuits

    • High-profile complaint cases or lawsuits may lead to negative media exposure and reputational damage.

Additional information

  • Perform a legal assessment

    • Before processing any personal data, perform an assessment on the applicable regulations for your processing activities and system.
  • Document how the system will adhere to applicable regulation

    • Document how your system will adhere to the applicable legal framework and regularly check that this is still the case.

Copyright notice:
Author: admin
Link: https://www.techfm.club/p/133774.html
Source: TechFM
Copyright of this article belongs to the author. Do not reproduce without permission.
