Joint controllership is, alongside the position of being controller and being processor under data protection law, the third constellation of responsibilities. This occurs when two or more controllers (companies) jointly determine the purposes and means of processing personal data. The most important prerequisite for joint controllership is therefore the joint decision on the purposes and means of processing personal data.
The most important consequences of shared responsibility are:
-
the obligation to transparently present this constellation, i.e. the naming of the companies jointly responsible, e.g. in the data protection declaration of the company website
-
the joint liability of the jointly responsible companies in the event of data protection violations or fines.