Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Gibraltar: GRA publishes guidance on controllers and processors under the Gibraltar GDPR
The Gibraltar Regulatory Authority ('GRA') published, on 18 March 2021, guidance on the concepts of the controller and processor in accordance with the Gibraltar General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and the Data Protection Act 2004. In particular, the guidance addresses the definitions of 'data controller' and 'data processor', their roles, and joint controllership, as well as including examples to illustrate the above. Specifically, in relation to joint controllers, the guidance recommends assessing joint controllership through assessing common decisions and converging decisions, as well as noting that one entity not having access to personal data is not sufficient to exclude joint controllership. In addition, the guidance includes recommendations on the relationship between controllers and processors, including the contract governing their relationship, and the requirement for processors to process personal data on the basis of documented instructions by the controller.
You can read the announcement here and download the guidance here.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
