🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

Article 26 of the GDPR: Joint controllers

Home GDPR articles decrypted Article 26 of the GDPR: Joint controllers

Article 26 of the GDPR regulates the situations in which several entities jointly determine the purposes and means of the processing personal data. In this case, they are considered joint controllers and must organize their cooperation.

Article 26 of the GDPR explained

When two or more controllers together determine the purposes and means of the processing, they must:

  • Transparently define their respective responsibilities (information, exercise of rights, security...);
  • Formalize their agreement, in particular in a clear contract accessible to the people concerned;
  • Allow data subjects to exercise their rights with either of those responsible.

Why is this article important for your GDPR compliance?

Partnerships, commercial co-responsibilities or joint projects are common. This item guarantees a legal clarity between the parties, and prevents liability from being unclear in the event of a dispute or complaint from a data subject.

How to comply with Article 26 of the GDPR?

  • Identify situations joint responsibility (co-management, projects with partners).
  • Write one clear agreement between the parties, with distribution of obligations.
  • Make the elements of this agreement available to the persons concerned (in particular in your confidentiality policy).
  • Prepare to handle requests from affected individuals in a coordinated manner.

Examples of application of Article 26 of the GDPR

  • A marketing agency and its client together determine the purposes of a targeted campaign.
  • An online platform and a logistics provider share customer data management.
  • Two academic institutions co-manage a student database for a joint program.

Related Resources

Accelerate your compliance in just a few clicks

With our all-in-one solution, you can accelerate and ensure compliance easily:

  • Automate your compliance with our GDPR software
  • Supported or outsourced by our DPO experts
  • Raise awareness among your teams with our GDPR training e-learning

Request a demo with an expert

Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis.

GDPR: Self-assess now

Other articles
on the same subject