The companies are joint controllers of the personal data processed in the context of the competition, since they have both decided on the purposes and means of the processing. Part 1 processes personal data for the performance of the work under the agreement. The ICO provides instructions for data exchange at //ico.org.uk/media/for-organisations/documents/1068/data_sharing_code_of_practice.pdf. This document has not yet been updated to reflect the GDPR, but it remains a useful guide. (iii) the ability to restore timely availability of and access to personal data in the event of a physical or technical incident; and the precise assessment whether you are transferring data to a processor, joint controller or other independent controller is essential, as the nature of the agreement you need to enter into varies depending on the nature of the other party. If in doubt, seek legal advice. Consent is not valid if you ask the data subjects to agree to receive direct marketing from « hand-picked partners » or any other similar generic description. Consent is not valid, even if a long list of general categories of organisations is made available to the individuals concerned. Data subjects may also request the rectification, deletion or blocking of their personal data. (v) where the controller is unable to access the relevant information, to assist the controller and, in any event, to provide without delay, at the expense of the data controller, appropriate assistance in responding to a request from a supervisory authority or data subject and to ensure compliance with its data protection security obligations; notifications of infringements, impact assessments and consultations with supervisory or regulatory authorities; 11.2 The Parties shall keep a register of access requests, decisions taken and all information exchanged.
. . .