* A luxury shopping brand, a luxury car manufacturer and a bank together create an event that people sign up for. Based on the data collected, they communicate to the people who registered the details of the event (and other questions related to the event). The data is not used for any other purpose. The brand, the car manufacturer and the bank are common data controllers. * After the event, each organization within its own organization uses the personal data of the data subjects who have chosen to obtain further information from that organization. They are not joint controllers of this data, as it is not processed for common purposes. The written contract must define the object, duration, nature and purpose of the processing and define the types (categories) of the personal data and the persons concerned by the processing. Below are some general topics that need to be addressed in the agreements. 1.1.4 “data protection laws” means your data protection legislation and, where applicable, the data protection legislation of another country; The processor should be able to demonstrate to the controller an approach to information security, expertise, reliability, resources, compliance with the principles and the exercise of its rights in compliance with the requirements of the GDPR. This helps the controller to determine whether sufficient safeguards have been fulfilled. It may be advisable to have an agreement or understanding with the receiving controller, even if there is no flat-rate requirement for a written contract (such as for data release between the controller and the processor). Therefore, where personal data are used for the same or combined purposes, they may be joint controllers. This is a distinction between independent controllers who may share data, but who separately determine how that data is used.
If two managers use the same data for different purposes, they would be independent controllers. For the agreement to be effective, the parties must agree that it is feasible and practical. Both parties must sign it. However, there are a number of clauses to include in a data-sharing agreement: Article 26 also states that the core of the agreement must be made available to data subjects (probably in data protection notices) and that a contact point may be designated for data subjects. . . .