Joint controllers

Where we and another controller jointly determine why and how personal data should be processed, we will be regarded as a ‘joint controller’.

If this is the case, then the appropriate officer must work with the ‘opposite number’ to determine the respective responsibilities of the controllers for compliance with GDPR about the exercise of any rights by an individual and the controllers’ respective duties to provide a privacy notice.

The arrangement must reflect the respective roles and relationships of the joint controllers towards the individual(s).

The essence of the arrangement shall be made available to any individual.