Joint Data Controllers. This is where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers (see GDPR Article
Joint Data Controllers. The Regulatory Reform (Collaboration etc between Ombudsmen) Order 2007 inserted powers into the Parliamentary Commissioner Xxx 0000, the Health Service Commissioners Xxx 0000 and the Local Government Act 1974 to give LGSCO and PHSO specific powers to share information ‘for the purposes of a complaint’ and to conduct joint investigations, subject to the consent of the complainant to do a joint investigation. This consent may initially be obtained over the telephone, but will be followed up by written consent. (See forms at Appendix 1.) Information will only be passed from one organisation to the other once the consent of the individual concerned has been obtained. This consent will be recorded on both organisations’ case management systems. The key legislative provisions of both organisations allowing data sharing are set out in Appendix 2. A complainant is provided with information about how their personal data will be processed (“fair processing information”) when they submit their complaint, in the form of a privacy statement. When we decide that the Joint Working Team will investigate the complaint, further information will be provided to the complainant on how their data will be handled in a fact sheet from the Joint Working Team. This will be provided at the point that either PHSO decides to pass the case to LGSCO for a joint working assessment decision or LGSCO decides to pass the case to the joint working assessors for assessment. Under Article 26 of the General Data Protection Regulation (GDPR), where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. And under Section 5(2) of the Data Protection Act where an organisation is required by law to process personal data, it must retain data controller responsibility for the processing. Although the Joint Team work in the LGSCO environment and using LGSCO systems, PHSO will retain data controller responsibility along with LGSCO. LGSCO and PHSO will therefore be joint data controllers for data held in joint investigations carried out by the Joint Working Team. Both organisations will receive complaints. Where PHSO receives a complaint which may be a joint working case, they will pass the case to LGSCO for a joint working assessment, along with the necessary consent from the complainant. If LGSCO decides there are elements within the two jurisdictions that should be investigated, the complaint should be handled by the Joint Working Team. Relevan...
Joint Data Controllers. Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14 of the GDPR, by means of an arrangement between them unless, and in so far as, the respective responsibilities of the controllers are determined by Union or Member State law to which the controllers are subject. The arrangement may designate a contact point for data subjects;
Joint Data Controllers. This is where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers (see GDPR Article 26). For C&M ICS this is the responsibilities of partner organisations when they are acting as joint data controllers in delivering health and care utilising the information available from the shared records from each participating organisation. The partner organisations will comply with their data protection and other legal obligations in relation to the processing of personal data with the C&M ICS provisions. The GDPR also requires that joint controllers determine their respective responsibilities for compliance “...in a transparent manner...by means of an arrangement between them...” The C&M ICS Data Sharing Agreements meet this requirement of determining respective responsibilities for compliance. The GDPR further requires that the arrangement “...shall duly reflect the respective roles and relationships of the joint controllers vis-à-vis the data subjects. The essence of the arrangement shall be made available to the data subject.” Collectively Signatories are responsible for: • reviewing and monitoring the effectiveness of the arrangement and amending when required; • administering membership of, and compliance with, the agreement; • fostering a culture of data sharing among Signatories; • supporting the development of Data Sharing and Processing Agreements; and • sharing and promoting best practice. In addition, individually each Signatory shall accept responsibility for independently or jointly auditing its own compliance with the Data Sharing Agreement to which it is a Signatory on a regular basis (at least annually) and provide assurance of compliance to the C&M ICB Board. Partners to the Tier Zero will ensure that personal information is transferred and shared in a secure manner. Any electronic transfer or other risk media are the subject of local Data Sharing Agreements (Tier Two), and organisational Safe Haven Policy and procedures. Staff either representing the partners or who will facilitate this Tier One or related local Data Sharing Agreements (Tier Two) shall be identified by name. Those responsible for information sharing at an operational level shall also be named as part of any individual local agreements. Furthermore, it is the responsibility of the partner organisations to ensure that such information is always kept up to date. Staff representing the partners to the Tier Zero should only have...
Joint Data Controllers. If and to the extent that the parties shall later determine that their arrangement has become one of joint Data Controllers, they shall comply with the requirements set out in article 26 of the GDPR.
Joint Data Controllers. In the event that the Manager and the Depositary qualify as joint data controllers (i.
Joint Data Controllers. 2.1 Customer and Provider agree that for the purposes of Data Protection Legislation that they shall be joint Data Controllers in respect of any Personal Data which is inherent in the Customer Data.
2.2 Each party shall take steps to ensure that its employees are informed of its obligations in relation to Personal Data that it collects, transfers or holds.
Joint Data Controllers. 2.1 This clause 2 sets out the framework for the sharing and use of personal data between the Parties as data controllers. Each Party acknowledges that they will disclose (as a Data Discloser) to the other Party (as a Data Recipient) and its Permitted Recipients the Shared Personal Data for the Agreed Purposes, whereby:
2.1.1 Shared Personal Data shall be confined to the following categories of information relevant to the following categories of data subject:
2.1.1.1 contact details of Xxxx and the Supplier's employees, to include;
a. name,
b. role as employee, c. telephone number,
Joint Data Controllers. Controller 1 and Controller 2 together and who establish the purpose and measures of personal data processing.
Joint Data Controllers. 9.1 Article 26 of the GDPR defines a joint controller as follows: ”where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers”. The Department together with DCEDIY and the Managerial Authorities and Chief Executives are deemed to be joint data controllers in respect of the data processed. This Circular outlines the Joint Controller arrangement between the Department, DCEDIY and schools.
9.2 The purpose of this arrangement is to define the relationship and respective obligations to data subjects of both Managerial Authorities and Chief Executives, DCEDIY and the Department. In so doing all parties have determined their respective responsibilities for compliance with the obligations under the DP Acts and GDPR, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14 of the GDPR.
9.3 The parties agree not to transfer the data outside of the European Economic Area without putting appropriate safeguards in place, as set out in the GDPR.
9.4 The parties will ensure that the personal data covered by this arrangement will not be further processed in a manner that is incompatible with the purposes for which it was originally collected.
9.5 The parties are permitted to appoint Data Processors to process personal data under this arrangement, in accordance with Data Protection legislation.