Q&As

When sharing personal data intra-group is an agreement required?

read titleRead full title
Published on LexisPSL on 30/01/2019

The following Information Law Q&A provides comprehensive and up to date legal information covering:

  • When sharing personal data intra-group is an agreement required?
  • Determining roles
  • Controller to processor—data processing arrangements
  • Controller to controller—data sharing arrangements

When sharing personal data intra-group is an agreement required?

This Q&A does not consider personal data sharing/transfers in relation to international transfers. For further guidance on international transfers, see Practice Note: International transfers of personal data under the GDPR.

The answer to this Q&A will depend on whether the personal data is being shared between subsidiary companies in a controller to controller or controller to processor relationship.

Determining roles

It is vital that organisations involved in the sharing or other processing of personal data understand and identify their roles (eg processor, independent controller or joint controller) under Regulation (EU) 2016/679, the General Data Protection Regulation (the GDPR). The role each party plays will establish the obligations of each party under data protection law and plays a vital part in allowing parties to identify the contractual and other risk mitigation steps they should take.

For further information

Popular documents