How can we be a joint-controller?
If 2 or more controllers have a say in the purpose and means on the processing of personal data they are potentially joint controllers.
If there is a case of a joint controller situation then it needs to be clear in a contract between the controlling parties, who is controller and when. There must be a clear indication to the data subject, i.e. in the privacy notice who they should contact if they want to exercise their rights as per GDPR.
What am I? A controller or a processor?
Every organisation which has employees, is a controller to their employees. The factor which determines that the organisation is controller is that it decides on the purpose for employment, and why/how this is done. However, a controller to their ...
Which party is liable?
Making GDPR compliance easy with Privasee · Who is accountable? Are you a controller or a processor? Which party is liable? Who is the controller and who is the processor? The controller is liable for not selecting their processor with care; and ...
What makes consent legal?
Making GDPR compliance easy with Privasee · What is consent? What makes consent legal under GDPR? In order for consent to be legal it must be: informed consent that is data subject must know what they are consenting to. It must be freely-given in ...
What does having a legal obligation mean?
Making GDPR compliance easy with Privasee · Article 6c, legal obligation Article 6c, legal obligation. Processing is necessary for compliance with a legal obligation to which the controller is subject. Now, let's take this book you purchased on the ...
What does it mean that we have 72 hours to report a breach?
When you are data controllerFrom the moment a personal data breach has been confirmed, your organisation has 72 hours to decide (and report) if it presents a high risk of harm to the rights and freedoms of an individual and if so it must be reported ...