Hi Michelle,
I would have thought that it's about purpose - where acting jointly for the same purpose then 'joint' controllers can set out who is responsible for what as they are jointly liable (taking account of who is best equiped to respond/comply with SARs etc). Indeed, without that 'agreement' there may be a mix up, leading to non-compliance.
Where data is shared but processed independently (in common) each data controller will be individually responsible for that particular processing i.e. both separately deliver all the responsibilities of the Act.
Interested to hear other views, though.
Cheers,
Jackie.
Jackie Milne | Legal Information Specialist | JISC Legal | T 0141 548 4939 | E [log in to unmask]
Visit our website: www.jisclegal.ac.uk
Subscribe to our newsletter: www.jisclegal.ac.uk/newsletter
Follow us on Twitter: twitter.com/jisclegal
Tune in via Vimeo: vimeo.com/jisclegal
Linkedin: www.linkedin.com/company/jisc-legal
JISC Legal is hosted by the University of Strathclyde, a charitable body, registered in Scotland, with registration number SC015263
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|