Data sharing agreement (mutual)

Price:  £55.00(Inc. 20% VAT)(£45.83 Exc. VAT)

An agreement for controller-to-controller sharing of personal data, where the personal data may travel in both directions.


This is a mutual (i.e. two-way) data sharing agreement, which has been designed for use in the situation where two organisations are sharing personal data, and each organisation is acting as a controller with respect to the shared personal data, rather than a processor. They may be acting as joint controllers or as independent controllers.

A controller, under the GDPR, is a person who determines the purposes and means of processing of the personal data; whereas a processor is a person acting on behalf of a controller. Where parties are joint controllers, they together determine the purposes and means.

Although there is no general requirement in the GDPR for controllers to enter into contracts with other controllers when sharing data, the general principles of data protection law mean that, in some circumstances, a contract may be required to ensure compliance.

The clauses of this data sharing agreement are similar in some respects to the clauses you might find in a data processing agreement. They cover the same types of subject matter - purposes of processing, security, co-operation, etc - but with more flexibility. When editing this document, you should take care to ensure that you do not transform the relationship into a controller-processor type relationship.  Such relationships should be governed by a data processing agreement meeting the specific requirements of Article 28 of the GDPR.

AGREEMENT
  1. Definitions
  2. Term
  3. Obligations to share Personal Data
  4. Data quality
  5. No special categories
  6. Parties acting as controllers
  7. Parties acting as controllers
  8. Compliance with Data Protection Laws
  9. Further disclosure of Shared Personal Data
  10. International transfers of Shared Personal Data
  11. Shared Personal Data and supervisory authorities
  12. Shared Personal Data and data subject rights
  13. Security of Shared Personal Data
  14. Data breaches involving Shared Personal Data
  15. Retention and deletion
  16. Compliance audit
  17. Changes to Data Protection Laws
  18. Confidentiality obligations
  19. Warranties
  20. Indemnities
  21. Limitations and exclusions of liability
  22. Termination
  23. Effects of termination
  24. Notices
  25. General
  26. Interpretation
SCHEDULE 1 (DATA PROTECTION INFORMATION NOTICES)
  1. First Party data protection information notice
  2. Second Party data protection information notice
SCHEDULE 2 (MODEL CONTRACTUAL CLAUSES)
SCHEDULE 3 (SECURITY MEASURES)
  1. First Party security measures
  2. Second Party security measures

This template is supplied in Word (.doc) format and is 30 pages long, including 11 pages of guidance notes.

A copy of this data sharing agreement (mutual) is included in the following pack:


Customers who bought this item also bought: