Data obtained from partners
I would like to know more about what it looks like when a partner company obtains personal data for its own company.
I am initially assuming that the partner will then be responsible for data protection? And or how exactly does this have to be contractually clarified or formulated?
I would be very happy to receive a feedback.
Assign topic to the user
"I would like to know more about what it looks like when a partner company obtains personal data for its own company.I am initially assuming that the partner will then be responsible for data protection?
It depends on the role of the partner in the data processing.
If both parties are equals in determining the purposes and means of data processing (both companies offer a part of the service to customers, i.e. the device and the software) they are considered joint controllers under Article 26 GDPR.
If the partner provides a service on the behalf of the other company (i.e. a marketing agency using data of the Client’s customers) it will be considered a data processor under Article 28 GDPR.
The difference is that while joint controllers define in their legal agreement the shares of liabilities (referred to the service/good offered) and each one has its own responsibility towards data subject (though data subject may exercise its rights in respect of and against each one controller), the data processor must follow the instruction received by the data controller who will always be liable for processor infringements of GDPR.
And or how exactly does this have to be contractually clarified or formulated?I would be very happy to receive feedback.
Again, the structure depends on the kind of relationship, even if the transfer of data in third countries is involved. In our Toolkit, you can find the template that helps you to draft the joint controllers’ agreement and the controller-processor agreement from the perspective you are a controller either a processor. You can also purchase templates individually.
- Controller to Controller Data Processing Agreement https://advisera.com/eugdpracademy/documentation/controller-to-controller-data-processing-agreement/
- Supplier Data Processing Agreement https://advisera.com/eugdpracademy/documentation/supplier-data-processing-agreement/
- EU GDPR Premium Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-premium-documentation-toolkit/
Here you can find more information about the controller and processor obligation:
- EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
- The obligations of controllers towards Data Protection Authorities according to GDPR https://advisera.com/eugdpracademy/blog/2017/12/11/the-obligations-of-controllers-towards-data-protection-authorities-according-to-gdpr/
If you need to understand how controllers need to comply with GDPR, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
Feb 04, 2021