Since the RGPD is much less prescriptive when it comes to sharing with controllers than for transfers to processors, it will probably take some time for the practice to be regulated. I am writing a paper on data sharing, and it is a very useful summary of all the considerations to consider. You need to understand the definitions of the controller and processor, as specified in the RGPD. This distinction is important for situations where data can be exchanged. It may be helpful to have an understanding or agreement with the receiver controller, even if there is no general requirement for a written contract (such as data sharing with the controller processor). A data exchange agreement is a formal contract that clearly documents what data is disclosed and how the data can be used. Such an agreement has two objectives. First, it protects the authority that provides the data and ensures that the data is not misused. LocalActivities is therefore responsible for ensuring and demonstrating compliance with data protection principles for this processing, even if the actual processing is done by another company.
Sharing controller processors is most common when a controller uses a service that includes processing or storing personal data. It is a good practice to have an agreement on the exchange of data. It is useful to classify sharing in order to have a clear idea of these legal implications and to better understand the steps you should take to facilitate compliance with the RGPD. In this article, I emphasize the main categories and distinctions. I am thinking in particular of the contractual agreements that organizations may need under the RGPD. Examples of common treatment managers working in the community and voluntary sectors can jointly define the purposes and means of processing personal data in situations where: again, in the event of non-compliance with transfers to affected persons and unregulated parties, there are five common possibilities for categorizing sharing by subcontractors on the basis of the recipient`s role under the DSGVO. (e) taking into account the nature of the treatment, assisting the person in charge of the processing by appropriate technical and organisational measures in accordance with the obligation of the person in charge to respond to requests for the exercise of the rights of the person concerned, in accordance with Chapter III; There is no specific legislation (for example. B specific contractual clauses) for the sharing of responsible independent data.