Looking for an external Data Protection Officer?DATUREX GmbH Dresden
DATUREXData Protection Laws
GDPR — Table of Contents

AI-generated summary

This provision governs joint controllership, requiring that where two or more controllers jointly determine the purposes and means of processing, they must transparently allocate their respective responsibilities through a formal arrangement. Regardless of the terms of such arrangement, data subjects may exercise their rights against any of the joint controllers.

Art. 26 GDPR

Joint controllers

(1.)Where two or more controllers jointly determine the purposes and means of , they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14, by means of an arrangement between them unless, and in so far as, the respective responsibilities of the controllers are determined by Union or Member State law to which the controllers are subject. The arrangement may designate a contact point for data subjects.
(2.)The arrangement referred to in paragraph 1 shall duly reflect the respective roles and relationships of the joint controllersthe data subjects. The essence of the arrangement shall be made available to the data subject. vis-à-vis
(3.)Irrespective of the terms of the arrangement referred to in paragraph 1, the data subject may exercise his or her rights under this Regulation in respect of and against each of the controllers.
Source:
EUR-Lex CELEX 02016R0679-20160504
Citation:
OJ L 119, 04.05.2016, p. 1; corrected by OJ L 127, 23.05.2018, p. 2
As of:
2016-05-04
Retrieved:
2026-02-25