Data sharing agreement

Price:  £39.50(Inc. 20% VAT)(£32.92 Exc. VAT)

An agreement for controller-to-controller sharing of personal data, where the personal data may travel in both directions or in only one direction.

Author: Alasdair Taylor
Updated: 21 March 2024
Length: 17 pages (min.)
Notes: 11 pages (min.)
Format: MS Word (.DOCX)

This is a data sharing agreement, available in both unilateral (one-way) and mutual (two-way) forms.  The data sharing agreement has been designed for use in the situation where two organisations are sharing personal data, and each organisation is acting as a controller with respect to the shared personal data, rather than a processor. They may be acting as joint controllers or as independent controllers.

A controller, under the GDPR, is a person who determines the purposes and means of processing of the personal data; whereas a processor is a person acting on behalf of a controller. 

Although there is no general requirement in the GDPR for controllers to enter into contracts with other controllers when sharing data, the general principles of data protection law mean that, in some circumstances, a contract may be required to ensure compliance.

The clauses of this data sharing agreement are similar in some respects to the clauses you might find in a data processing agreement. They cover the same types of subject matter - purposes of processing, security, co-operation, etc - but with more flexibility. When editing this document, you should take care to ensure that you do not transform the relationship into a controller-processor type relationship.  Such relationships should be governed by a data processing agreement meeting the specific requirements of Article 28 of the GDPR.

  1. Definitions
  2. Term
  3. Obligations to share Personal Data
  4. Data quality
  5. No special categories
  6. Parties acting as controllers
  7. Compliance with Data Protection Laws
  8. Further disclosure of Shared Personal Data
  9. International transfers of Shared Personal Data
  10. Shared Personal Data and supervisory authorities
  11. Shared Personal Data and data subject rights
  12. Security of Shared Personal Data
  13. Data breaches involving Shared Personal Data
  14. Retention and deletion
  15. Compliance audit
  16. Changes to Data Protection Laws
  17. Confidentiality obligations
  18. Warranties
  19. Indemnities
  20. Limitations and exclusions of liability
  21. Termination
  22. Effects of termination
  23. Notices
  24. General
  25. Interpretation





Copies of both of the versions of this data sharing agreement are included in the following pack:

Be the first to write a review of this template using our brand new review system.