Joint data controllers – Article 26

Joint data controller is when the company, together with one or more parties, jointly decides why personal data should be processed and how personal data should be processed. This can only be considered if your company and this/these parties together have a responsibility for the processing and if all parties have the right to use the information for their own purposes.

If this is the case, remember to enter into a joint data liability agreement so that each party’s respective responsibilities are disclaimed.

Type of processing

Describe the type of processing that the data recipient carries out on behalf of your company.

IT systems / information assets

In this field, you can add IT systems / information assets

  1. Turn this on if IT systems/information assets are owned. If this is turned off, points 2 and 3 disappear.
  2. Clicking on this field will open a list of various IT systems / information assets.
  3. If an IT system / information asset is missing in section 2, you can click here and add one. It will open a form to fill out. There are information boxes for all fields in the form.


Security measures

Clicking on this field will open a list of security measures for you to choose from.

Is the data recipient located in an unsafe third country?

By clicking on this field, you will be given the option to select ‘yes’, ‘no’ or ‘unknown’. If you choose ‘yes’, this will open a new field below where you must enter which country the transfer takes place to.

If transfer takes place to a data recipient located in an unsafe third country, it will be necessary to fill out a TIA. Read more about filling out a TIA here. 

Has an agreement on joint controllership been entered into?

In the case of joint data responsibility, an agreement must be entered into on the joint data responsibility, which describes the parties’ mutual relationship, their respective responsibilities, as well as the internal distribution of responsibilities and obligations regarding the processing and exchange of personal data that takes place between them. By tapping on this field, you will be given the option to select ‘yes’, ‘no’ or ‘unknown’.

Please notice,

All parties are responsible for the entire processing; the agreement entered between the parties does not relieve a party of responsibility for the overall processing. The agreement entered is uploaded below.

Completion of form regarding data recipients.

In the ‘comments on the above’ field, you can write comments that you find relevant to the content of the form.

You can add files at the bottom of the form by dragging them into the box or pressing ‘select files’. When you press ‘choose files’ a window opens where you can find the file in your documents.

When you are done filling out the form of the data recipient, click on the button in the lower right corner. It will say ‘update’ if you have edited and already created data recipient, and ‘create’ if it is a new data recipient you have created.

Please notice,

If you tap the cross in the upper right corner, the form will automatically open a window asking if you want to discard changes. By pressing ok, you close the process without saving your changes. If you want to save the changes, press cancel in this window and close the document at the bottom of the form in the right corner.


GapSolutions A/S
Uraniavej 6, 1.
DK-8700 Horsens


CVR-nr. 38582356


Sales & administration
(+45) 8844 0808

Helpline & consultants
(+45) 2199 0808



Privacy policy