Each of these entities will have to for example take or keep its own register of processing activities. Entities that are joint controllers based on the arrangements made may transfer personal data to each other and do not need any additional legal basis for this. This distinguishes joint control from the case of sharing personal data . In the latter situation personal data is transferred from one administrator to another entity which also becomes the personal data administrator and will process it for its own purpose.
In order for disclosure to take place the controller providing personal data must have one of the grounds specified in Art. section or art. section GDPR e.g. the data subject has consented to making the data available to another administrator Phone Number List or a legal provision obliges the administrator to make the data available to another administrator . The administrator recipient must also have a legal basis for processing personal data for its own needs. Sharing the content of arrangements As stated in Art. GDPR joint controllers should provide the entities whose personal data they process with the main content of the arrangements.
The GDPR does not specify how this should be done or what the "essential content" of the arrangements should contain. When adopting an interpretation of the provisions that is most favorable to data subjects it should be considered that this is information that will allow the data subject to exercise his or her rights. It is recommended to make the content of such arrangements available as widely as possible through various channels. In my opinion a practical solution is to provide the content of the arrangements together with the implementation of the information obligation.
發表於 2023-12-11 13:01:36
