Joint controllers and their obligations
Where two or more controllers determine the purposes and means of processing, they are joint controllers (Article 26). Under the GDPR joint controllers have to determine their respective responsibilities for legal compliance and rights of data subjects in a transparent manner. They can do so for example in a clear contractual arrangement.
The arrangement needs to reflect the roles and relationships between the joint controllers and made available to data subjects. A data subject may exercise his or her rights against each of the controllers. Each data controller is individually liable for legal compliance under Article 82. After providing remedies to data subjects, a joint controller may claim its losses from other joint controllers or processors, if applicable, according to its roles and responsibilities in the processing at stake.
Reach your personal and professional goals
Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.
Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.
