Joint Data Controllers. This is where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers (see GDPR Article
Joint Data Controllers. Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14 of the GDPR, by means of an arrangement between them unless, and in so far as, the respective responsibilities of the controllers are determined by Union or Member State law to which the controllers are subject. The arrangement may designate a contact point for data subjects;
Joint Data Controllers. The Regulatory Reform (Collaboration etc between Ombudsmen) Order 2007 inserted powers into the Parliamentary Commissioner Xxx 0000, the Health Service Commissioners Xxx 0000 and the Local Government Act 1974 to give LGSCO and PHSO specific powers to share information ‘for the purposes of a complaint’ and to conduct joint investigations, subject to the consent of the complainant to do a joint investigation. This consent may initially be obtained over the telephone, but will be followed up by written consent. (See forms at Appendix 1.) Information will only be passed from one organisation to the other once the consent of the individual concerned has been obtained. This consent will be recorded on both organisations’ case management systems. The key legislative provisions of both organisations allowing data sharing are set out in Appendix 2. A complainant is provided with information about how their personal data will be processed (“fair processing information”) when they submit their complaint, in the form of a privacy statement. When we decide that the Joint Working Team will investigate the complaint, further information will be provided to the complainant on how their data will be handled in a fact sheet from the Joint Working Team. This will be provided at the point that either PHSO decides to pass the case to LGSCO for a joint working assessment decision or LGSCO decides to pass the case to the joint working assessors for assessment. Under Article 26 of the General Data Protection Regulation (GDPR), where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. And under Section 5(2) of the Data Protection Act where an organisation is required by law to process personal data, it must retain data controller responsibility for the processing. Although the Joint Team work in the LGSCO environment and using LGSCO systems, PHSO will retain data controller responsibility along with LGSCO. LGSCO and PHSO will therefore be joint data controllers for data held in joint investigations carried out by the Joint Working Team. Both organisations will receive complaints. Where PHSO receives a complaint which may be a joint working case, they will pass the case to LGSCO for a joint working assessment, along with the necessary consent from the complainant. If LGSCO decides there are elements within the two jurisdictions that should be investigated, the complaint should be handled by the Joint Working Team. Relevan...
Joint Data Controllers. This is where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers (see GDPR Article 26). For C&M HCP this is the responsibilities of partner organisations when they are acting as joint data controllers in delivering health and care utilising the information available from the shared records from each participating organisation. The partner organisations will comply with their data protection and other legal obligations in relation to the processing of personal data with the C&M HCP provisions. The GDPR also requires that joint controllers determine their respective responsibilities for compliance “...in a transparent manner...by means of an arrangement between them...” The C&M HCP Data Sharing Agreements meet this requirement of determining respective responsibilities for compliance. The GDPR further requires that the arrangement “...shall duly reflect the respective roles and relationships of the joint controllers vis-à-vis the data subjects. The essence of the arrangement shall be made available to the data subject.” Collectively Signatories are responsible for: • reviewing and monitoring the effectiveness of the arrangement and amending when required; • administering membership of, and compliance with, the agreement; • fostering a culture of data sharing among Signatories; • supporting the development of Data Sharing and Processing Agreements; and • sharing and promoting best practice. In addition, individually each Signatory shall accept responsibility for independently or jointly auditing its own compliance with the Data Sharing Agreement to which it is a Signatory on a regular basis (at least annually) and provide assurance of compliance to the C&M HCP Board. Partners to the Tier Zero will ensure that personal information is transferred and shared in a secure manner. Any electronic transfer or other risk media are the subject of local Data Sharing Agreements (Tier Two), and organisational Safe Haven Policy and procedures. Staff either representing the partners or who will facilitate this Tier One or related local Data Sharing Agreements (Tier Two) shall be identified by name. Those responsible for information sharing at an operational level shall also be named as part of any individual local agreements. Furthermore, it is the responsibility of the partner organisations to ensure that such information is always kept up to date. Staff representing the partners to the Tier Zero should only have...
Joint Data Controllers. 2.1 This clause 2 sets out the framework for the sharing and use of personal data between the Parties as data controllers. Each Party acknowledges that they will disclose (as a Data Discloser) to the other Party (as a Data Recipient) and its Permitted Recipients the Shared Personal Data for the Agreed Purposes, whereby:
2.1.1 Shared Personal Data shall be confined to the following categories of information relevant to the following categories of data subject:
2.1.1.1 contact details of Xxxx'x Authorised Representatives and the Contractor, and any other of Xxxx or the Contractor's employees or workers, to include as applicable;
a. name,
b. role
c. telephone number,
d. email address, and
e. any other details reasonably required.
2.1.2 Agreed Purposes shall mean the processing of personal data between Xxxx and the Contractor to fulfil their respective contractual obligations under this Agreement.
2.1.3 Permitted Recipients shall mean Xxxx and the Contractor, and the employees of each Party, acting in relation to the Agreed Purposes.
2.1.4 Each Party shall comply with all the obligations imposed on a controller under the Data Protection Legislation.
2.1.5 Xxxx shall act as the initial point of contact for data subjects in respect of the Shared Personal Data.
2.2 Each Party acting as Data Discloser in relation to the Agreed Purposes shall, in providing personal data which is not solely personal to them:
2.2.1 ensure that it has all necessary notices and consents in place to enable lawful transfer of the Shared Personal Data to the Permitted Recipients for the Agreed Purposes;
2.2.2 give full information to any data subject whose personal data may be processed under this agreement of the nature such processing under Article 13 and 14 of the GDPR. This includes giving notice that, on the termination of this agreement, personal data relating to them may be retained by or, as the case may be, transferred to one or more of the Permitted Recipients, their successors and assignees;
2.2.3 otherwise take primary responsibility in respect of the Shared Personal Data it has transferred for:
2.2.3.1 responding to data subject requests under Articles 15-22 of the GDPR;
2.2.3.2 notifying the Information Commissioner (and data subjects) where necessary about data breaches; and
2.2.3.3 maintaining records of processing under Article 30 of the GDPR.
2.3 Each Party acting as Data Recipient shall:
2.3.1 process the Shared Personal Data only for the Agreed Purposes;
2.3.2 not disc...
Joint Data Controllers. The Regulatory Reform (Collaboration etc between Ombudsmen) Order 2007 inserted powers into the Parliamentary Commissioner Xxx 0000, the Health Service Commissioners Xxx 0000 and the Local Government Act 1974 to give LGO and PHSO specific powers to share information ‘for the purposes of a complaint’ and to conduct joint investigations, subject to the consent of the complainant to do a joint investigation. (See forms at Appendix 1.) Information will only be passed from one organisation to the other once the consent of the individual concerned has been obtained. This consent will be recorded on both organisations’ case management systems. The key legislative provisions of both organisations allowing data sharing are set out in Appendix 2. At that stage the complainant will be provided with information about how their personal data will be processed (“fair processing information”) for the purpose of investigating their complaint. This will be provided by the organisation seeking consent at the point that the decision is made to transfer the case to the other body for an assessment decision, or to the Joint Working team for investigation.
Joint Data Controllers. 2.1 This clause 2 sets out the framework for the sharing and use of personal data between the Parties as data controllers. Each Party acknowledges that they will disclose (as a Data Discloser) to the other Party (as a Data Recipient) and its Permitted Recipients the Shared Personal Data for the Agreed Purposes, whereby:
2.1.1 Shared Personal Data shall be confined to the following categories of information relevant to the following categories of data subject:
2.1.1.1 contact details of Xxxx and the Supplier's employees, to include;
a. name,
b. role as employee, c. telephone number,
Joint Data Controllers. In the event that the Manager and the Depositary qualify as joint data controllers (i.
Joint Data Controllers. 9.1 Article 26 of the GDPR defines a joint controller as follows: ”where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers”. The Department together with DCEDIY and the Managerial Authorities and Chief Executives are deemed to be joint data controllers in respect of the data processed. This Circular outlines the Joint Controller arrangement between the Department, DCEDIY and schools.
9.2 The purpose of this arrangement is to define the relationship and respective obligations to data subjects of both Managerial Authorities and Chief Executives, DCEDIY and the Department. In so doing all parties have determined their respective responsibilities for compliance with the obligations under the DP Acts and GDPR, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14 of the GDPR.
9.3 The parties agree not to transfer the data outside of the European Economic Area without putting appropriate safeguards in place, as set out in the GDPR.
9.4 The parties will ensure that the personal data covered by this arrangement will not be further processed in a manner that is incompatible with the purposes for which it was originally collected.
9.5 The parties are permitted to appoint Data Processors to process personal data under this arrangement, in accordance with Data Protection legislation.
Joint Data Controllers. If and to the extent that the parties shall later determine that their arrangement has become one of joint Data Controllers, they shall comply with the requirements set out in article 26 of the GDPR.