Joined Controller Agreement

A joined controller agreement is a legal document that outlines the terms and conditions for two or more entities to share responsibility for the processing of personal data. The agreement is typically used when two or more parties are involved in a joint venture or collaboration that requires the sharing of personal data.

Under the General Data Protection Regulation (GDPR), joint controllers must ensure that the processing of personal data is carried out in a transparent and lawful manner. This means that the joined controller agreement must clearly outline the roles and responsibilities of each party involved and provide specific details on how personal data will be collected, stored, processed, and shared.

Here are some key elements that should be included in a joined controller agreement:

1. Purpose: The agreement should clearly state the purpose of the collaboration and the types of personal data that will be collected, processed, and shared.

2. Roles and responsibilities: Each party’s responsibility should be clearly stated, detailing who will act as the primary processor and who will act as the secondary processor.

3. Data protection obligations: Each party must ensure that they comply with all of their obligations under GDPR. This includes ensuring that all personal data is processed lawfully and transparently, that individuals have the right to access their data, and that adequate security measures are in place to protect personal data.

4. Data subject rights: The agreement should detail how data subjects can exercise their rights, including the right to access, rectify and erase their personal data.

5. Data breach notification: The agreement should detail the process that will be taken in the event of a data breach, including who will be responsible for notifying data subjects and the supervisory authorities.

In summary, a joined controller agreement is a crucial document that outlines the terms and conditions for the sharing of personal data between two or more entities. It is essential that all parties involved comply with their obligations under GDPR to ensure that personal data is processed lawfully and transparently.

Scroll to Top