Videos
Season 1

Subprocessor or joint data controller?

By
Patrick TIEV
Partagez cet article

Compliance with the GDPR requires the identification of each personal data subcontractor.

Indeed, the compliance of a data controller does not end with the processing of personal data that he carries out directly but extends to subcontracted processing.

Identifying subcontractors is a prerequisite for two obligations:

  • Ensure that Subcontractors provide sufficient guarantees as to measures to protect personal data
  • Supervise and formalize each subcontracting relationship in a contract or a written legal act.

To comply with these obligations, you must first map all of your personal data subcontractors. However, identifying a subcontractor can be a delicate exercise. In question, a border between subcontracting and joint responsibility that is sometimes difficult to delineate.

In this video, I go back to this exercise and give you the keys to distinguish a subcontractor from a joint data controller:

  • The distinction between determination of purpose and determination of means
  • The set of clues to determine autonomy, an exclusive characteristic of the data controller

The latest news

News

Adequacy obtains the EcoVadis gold medal: a recognition of our CSR commitment

Alessandro Fiorentino
News

Adequacy ranked best GDPR compliance software by Déciders Magazine

Alessandro Fiorentino
Extraterritorial Laws and Related Laws

Data Privacy Framework: 3 factors of an inevitable shock

Alessandro Fiorentino

They have trusted us for years

Used by over 10,000 legal entities

Discover Adequacy

One of our experts introduces Adequacy to you in a real situation.
Let's discover together how Adequacy adapts to your reality on the ground.
Request a quote