Data processing in the form of so-called “joint control” is characterized by two or more companies processing personal data on the basis of co-defined purposes and co-defined processing measures.
An example of such joint control processing is the use of a common storage infrastructure (e.g. a cloud service). The controllers might store different data categories in this infrastructure and pursue different purposes with the data. However, as long as they jointly determine the purposes and means of the processing, the processing is joint control processing and a contract between the parties must be concluded.
The requirement’s purpose is to ensure that the segregation of modern business solutions does not lead to a state in which it becomes unclear who is in charge of a certain processing activity. In particular, the joint control agreement must stipulate which party is responsible for which data protection obligations (e.g. carrying out a data protection impact assessment). In addition, a so-called contact point for the data subject can be defined, that is, a point to which data subjects can turn to exercise their data protection rights vis-à-vis the controller (e.g. right to information).
The essential contents of the Joint Control Agreement must be made available to the data subjects, which can be done via a website, for example. The privacy notice must also specify the controller responsible for the respective processing (name, address, contact details).
Definition of processing operations for which joint controllership exists.
Definition of spheres of responsibility within the defined joint processing.
Agreement on the duties of the individual responsible parties.
Definition of a data subject rights contact point, if applicable.
Mutual support in the implementation of data protection obligations related to joint control.