Guidelines 07/2020 on the concepts of controller and processor in the GDPR

Section 3.1 Definition of joint controllers

43. The qualification as joint controllers may arise where more than one actor is involved in the processing.

44. While the concept is not new and already existed under Directive 95/46/EC, the GDPR, in its Article 26, introduces specific rules for joint controllers and sets a framework to govern their relationship. In addition, the Court of Justice of the European Union (CJEU) in recent rulings has brought clarifications on this concept and its implications.

45. As further elaborated in Part II ,section2, the qualification of joint controllers  will mainly haveconsequences in terms of allocation of obligations for compliance with data protection rules and in particular with respect to the rights of individuals.

46. In this perspective, the following section aims to provide guidance on the concept of joint controllers in accordance with the GDPR and the CJEU case law to assist entities in determining where they may be acting as joint controllers and applying the concept in practice.