Determine whether a party is a controller or a processor

Yes. Individuals can claim compensation from joint controllers in the same way as from any sole controller. Each joint controller is liable for all damage caused by the processing, unless it can demonstrate that it is in no way responsible for the event that caused the damage. The agreement between the controllers is not relevant for these purposes.

Processors do not have the same obligations as controllers under the GDPR and do not have to pay data protection fees. However, if you are a processor, you have a number of direct obligations under the GDPR.

The data controller determines the purposes and means of processing personal data. Therefore, if your company/organization decides “why” and “how” personal data should be processed, it is the data controller. Employees who process personal data within your organization do so to fulfill your duties as a data controller.
Where one or more controllers jointly determine the purposes and means of the processing of the same personal data, they are joint controllers. However, they are not joint controllers when they process the same data for different purposes.

Contracts and commitments between controllers and processors

The OIC developed guidelines in 2014 to help organizations determine whether they are controllers or processors, and they can be found here (“Old Guidelines”). These were updated after the implementation of the GDPR and can be viewed (here) and (here) (“New Instructions”). We have listed below the main points that you should keep in mind:

You should be able to distinguish between controllers, joint controllers and processors, so that you understand which GDPR obligations apply to which organization.

☐ We have common rules for managing information with another controller.

There are situations where an entity may be a data controller or a data processor, or both. The new guide contains the following checklists for determining whether you are a controller or a processor:

The company is a joint controller of rental-related information, including rents.
It will decide what information it needs from residents to establish and manage leases, but will share this data with the university. The existence of joint decision-making is therefore of particular importance when determining whether two parties processing data are joint controllers.

☐ For this processing, we use the same personal data (e.g. a database) as another controller.

A property management company runs dormitories for the owner, the university. The company enters into rental agreements with students on behalf of the university and chases any rent arrears. It collects the rent and passes it to the university after taking a commission.

In the meantime, we strongly recommend that all organisations (1) refer to the new guidelines when determining the data protection designation of a party; and (2) meet the applicable requirements for joint-controller relationships with respect to all parties that the OIC considers to be joint controllers.
The following checklists indicate whether you are a controller, processor, or joint controller….