BLACK FRIDAY DISCOUNT
Get 30% off on toolkits, course exams, Conformio, and Company Training Academy yearly plans.
Limited-time offer – ends December 2, 2024
Use promo code:
30OFFBLACK

Expert Advice Community

Guest

Data obtained from partners

  Quote
Guest
Guest user Created:   Feb 04, 2021 Last commented:   Feb 04, 2021

Data obtained from partners

I would like to know more about what it looks like when a partner company obtains personal data for its own company.
I am initially assuming that the partner will then be responsible for data protection? And or how exactly does this have to be contractually clarified or formulated?

I would be very happy to receive a feedback.

0 0

Assign topic to the user

EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Feb 04, 2021

"I would like to know more about what it looks like when a partner company obtains personal data for its own company.I am initially assuming that the partner will then be responsible for data protection?

It depends on the role of the partner in the data processing.

If both parties are equals in determining the purposes and means of data processing (both companies offer a part of the service to customers, i.e. the device and the software) they are considered joint controllers under Article 26 GDPR.

If the partner provides a service on the behalf of the other company (i.e. a marketing agency using data of the Client’s customers) it will be considered a data processor under Article 28 GDPR.

The difference is that while joint controllers define in their legal agreement the shares of liabilities (referred to the service/good offered) and each one has its own responsibility towards data subject (though data subject may exercise its rights in respect of and against each one controller), the data processor must follow the instruction received by the data controller who will always be liable for processor infringements of GDPR.

And or how exactly does this have to be contractually clarified or formulated?I would be very happy to receive feedback.

Again, the structure depends on the kind of relationship, even if the transfer of data in third countries is involved. In our Toolkit, you can find the template that helps you to draft the joint controllers’ agreement and the controller-processor agreement from the perspective you are a controller either a processor. You can also purchase templates individually.

Here you can find more information about the controller and processor obligation:

If you need to understand how controllers need to comply with GDPR, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 04, 2021

Feb 04, 2021

Suggested Topics

Guest user Created:   Sep 23, 2024 EU GDPR
Replies: 1
0 0

Are partners classed as individuals?

Guest user Created:   Feb 23, 2023 EU GDPR
Replies: 1
0 0

Data privacy question