Joint controller of personal data
FORMAL ANSWER
A joint controller of personal data is a controller which, together with another controller, determines the purposes and means of processing personal data (Article 26(1) GDPR).
PRACTICAL ANSWER
If at least two entities actually control why and how data are processed, each of them is a joint controller. Example: “A travel agency, hotel chain and airline decide to set up a joint online platform to improve cooperation in managing tourist bookings. They agree on important elements of the processing methods to be applied, for example what data will be stored, how a booking will be assigned and confirmed, and who may access the stored information. They also decide to exchange their customers’ data for integrated marketing activities” [source: Article 29 Working Party, Opinion 1/2010 on the concepts of “controller” and “processor” (00264/10/EN, WP 169), adopted 16 February 2010, p. 22].
MORE
- You can find more information in the article: Joint controllers — what changes under the GDPR


