The concept of joint controllers in EU law, in contrast to a distinction between controllers and processors, has not been seen thus far as particularly controversial nor widely discussed. However, it is now explicitly provisioned by the GDPR that joint controllers are two or more controllers that jointly determine the purposes and means of processing. Because of the multitude of possible arrangements, it is not possible to draw up an exhaustive list or categorization of the different kinds of “joint control.” Piotr Foitzik, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, explores how to determine if you’re a joint controller and what that means for your compliance with the GDPR.
Full Story