§ GDPR · Article 26
GDPR Article 26: Obligations, Deadlines & Penalties
At a glance
Article 26 of the GDPR imposes 4 obligations on controller.
§ Obligations
All obligations under Article 26
Obligation 1
Joint controllers shall determine their respective responsibilities for compliance with the Regulation, particularly regarding data subject rights and information duties, by means of an arrangement between them.
Regulation (EU) 2016/679, Article 26, Article 26
- Obligated entity
-
controller
- Action required
-
determine
- Deadline
-
—
- Penalty
-
—
- Exemptions
- Where respective responsibilities are determined by Union or Member State law.
Obligation 2
The arrangement between joint controllers may designate a contact point for data subjects.
Regulation (EU) 2016/679, Article 26, Article 26
- Obligated entity
-
controller
- Action required
-
designate
- Deadline
-
—
- Penalty
-
—
Obligation 3
The arrangement between joint controllers shall duly reflect their respective roles and relationships vis-à-vis the data subjects.
Regulation (EU) 2016/679, Article 26, Article 26
- Obligated entity
-
controller
- Action required
-
reflect
- Deadline
-
—
- Penalty
-
—
Obligation 4
The essence of the arrangement between joint controllers shall be made available to the data subject.
Regulation (EU) 2016/679, Article 26, Article 26
- Obligated entity
-
controller
- Action required
-
make available
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 26
Who must comply with Article 26 of the GDPR?
+
controller.
What does Article 26 of the GDPR require?
+
determine designate reflect