Skip main navigation

Joint controllers and their obligations

Dr Bo Zhao discusses joint controllers and their obligations under GDPR.
People talking
© University of Groningen

Where two or more controllers determine the purposes and means of processing, they are joint controllers (Article 26). Under the GDPR joint controllers have to determine their respective responsibilities for legal compliance and rights of data subjects in a transparent manner. They can do so for example in a clear contractual arrangement.

The arrangement needs to reflect the roles and relationships between the joint controllers and made available to data subjects. A data subject may exercise his or her rights against each of the controllers. Each data controller is individually liable for legal compliance under Article 82. After providing remedies to data subjects, a joint controller may claim its losses from other joint controllers or processors, if applicable, according to its roles and responsibilities in the processing at stake.

© University of Groningen
This article is from the free online

Understanding the GDPR

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education