Want to keep learning?

This content is taken from the University of Groningen's online course, Understanding the GDPR. Join the course to learn more.
People talking

Joint controllers and their obligations

Where two or more controllers determine the purposes and means of processing, they are joint controllers (Article 26). Under the GDPR joint controllers have to determine their respective responsibilities for legal compliance and rights of data subjects in a transparent manner. They can do so for example in a clear contractual arrangement.

The arrangement needs to reflect the roles and relationships between the joint controllers and made available to data subjects. A data subject may exercise his or her rights against each of the controllers. Each data controller is individually liable for legal compliance under Article 82. After providing remedies to data subjects, a joint controller may claim its losses from other joint controllers or processors, if applicable, according to its roles and responsibilities in the processing at stake.

Share this article:

This article is from the free online course:

Understanding the GDPR

University of Groningen

Get a taste of this course

Find out what this course is like by previewing some of the course steps before you join: