Data Protection Act 2018
Joint controllers
79. (1) Where 2 or more controllers jointly determine the purposes and means of the processing of personal data (in this Part referred to as “joint controllers”), they shall determine their respective responsibilities for compliance with this Part in a transparent manner by means of an agreement in writing between them, save in so far as the said responsibilities are determined by the law of the European Union or the law of the State.
(2) An agreement in writing referred to in subsection (1)—
(a) shall include a determination of—
(i) the respective responsibilities of the joint controllers concerned as regards the exercise by data subjects of their rights under this Part, and
(ii) the respective duties of the joint controllers concerned as regards the provision to a data subject of the information specified in section 90(2),
and
(b) may designate a single point of contact in respect of the processing concerned for the data subject to whom it relates, where such designation is not otherwise determined by the law of the State.