Separate Data Controllers Agreement

Separate Data Controllers Agreement

· Treatment is necessary to carry out a contract to which the person concerned is a party. In accordance with Article 5 of the RGPD, personal data must be collected for specific, explicit and legitimate purposes, and then processed in a safe and transparent manner, in accordance with the original purpose of its collection. Processing managers must also ensure that all personal data is kept properly, up-to-date and in a form that will no longer identify the individuals involved as necessary because of the purpose of the processing. In addition, in accordance with Article 6 of the RGPD, in order for the processing operation to be legal, one of the following points must apply: the EC article on the controller processor (with an example of a common processor manager!) Article 32 of the RGPD stipulates that processing managers (and subcontractors) must take technical and organisational measures to ensure the security of personal data. These measures are taken taking into account the context, purpose and risk associated with data processing activities, to ensure that all personal data remains confidential and secure. When they work with others, these multi-control scenarios, in which data is shared by multiple controllers, are very complex situations that require additional organization, attention and insight. A real estate management company manages university residences for the owner, the university. The company enters into lease agreements with students on behalf of the university and chases all rent arrears. She collects the rent and hands it to the university after a commission. Those responsible for processing must inform those concerned of the personal investigations, the purposes of this collection and the many other modalities of their processing activities, in accordance with Articles 12, 13 and 14 of the RGPD, as soon as the data is collected. The most effective way to do this is to ensure that a data protection statement is available. This privacy policy must be concise, transparent, understandable and easily accessible with clear language. As a general rule, this information is transmitted in writing (including electronic means), unless the person concerned requests oral information (we think it is always better to process things in writing).

Many companies seem reluctant to enter into controller/processor or controller/controller agreements. I constantly run into arguments from other companies that “we are a separate data manager” in situations where information is provided to them by another company. One of the essential practical characteristics of common air traffic controllers is that they “share their respective responsibilities for respecting” the RGPD between and between them. 4 In other words, when two companies are separate controllers, each company is responsible for meeting all the requirements of the RGPD independently.

Share this post