Data sharing agreement (unilateral)

The function of this data sharing agreement is to provide protection for personal data disclosed by one business to another, in line with the General Data Protection Regulation (GDPR) in both its EU and UK forms, taking account of the guidance on data sharing issued by the UK Information Commissioner's Office.

The data sharing agreement is intended for use in relation to controller-to-controller data sharing - in other words, where both the sharer and the recipient will use the personal data for their own purposes and via their own means.

The agreement assumes that the controllers are independent, and not joint controllers.

The core provisions of the data sharing contract cover: (i) obligations to share personal data and to ensure that the data meets identified quality requirements; (ii) a prohibition on sharing especially sensitive data (known as special categories of personal data in the GDPR); (iii) the identification of the parties as independent controllers; (iv) data protection compliance obligations; (v) onward disclosures and international transfers of the personal data; and (vi) responses to the actions of supervisory authorities and data subjects.

The agreement includes a standard confidentiality clause covering the shared data, as well as some basic warranties, indemnities and limitations of liability.

The template data sharing agreement does not include a licensing clause, and if the recipient of the data needs a licence, a separate licensing contract should be entered into. In that case, you will need to consider the relationship between the two contracts. For instance, should the termination of one lead automatically to the termination of the other?

Ask about this document

Data sharing agreement (unilateral) contents

Definitions: definitions; data protection terms.
Term: commencement of term; end of term.
Obligations to share Personal Data: obligation on
Supplier
to share personal data.
Data quality:
Supplier
to ensure data quality.
No special categories: no special categories of personal data to be shared by
Supplier
; no criminal conviction data to be shared by first party.
Parties acting as controllers: each party is independent controller of
Supplier
personal data; legal bases of sharing
Supplier
personal data (independent controllers); document does not apply to all personal data disclosed by
Supplier
.
Compliance with Data Protection Laws: compliance with data protection laws with respect to
Supplier
personal data;
Supplier
personal data collected in accordance with law; requirements relating to consent-based processing of personal data;
Supplier
responsible for meeting data protection transparency requirements; assistance in relation to compliance with data protection laws.
Further disclosure of
Supplier
Personal Data:
Recipient
must not disclose personal data; obligations on disclosure of
Supplier
personal data; section does not prevent disclosure of anonymised data; section does not prevent disclosure of personal data to processors.
International transfers of
Supplier
Personal Data: prohibition on third country transfers of
Supplier
personal data; exceptions to prohibition on third country transfers of
Supplier
personal data; approved international transfer clauses take precedence over
Agreement
.
Supplier
Personal Data and supervisory authorities: communications from supervisory authorities about
Supplier
personal data; cooperation in relation to supervisory authority action.
Supplier
Personal Data and data subject rights: communications from data subjects about first party personal data; cooperation in relation to data subject rights.
Security of
Supplier
Personal Data: appropriate measures to secure
Supplier
personal data; particular security measures for
Supplier
personal data.
Data breaches involving
the Supplier
Personal Data: notification of data breaches involving
Supplier
personal data; assistance in relation to
Supplier
personal data breaches.
Retention and deletion: retention periods for
Supplier
personal data; section subject to effects of termination.
Compliance audit: right to audit compliance; notice of audit; cooperation in relation to audit; costs of licence audit; limits on audit right.
Changes to Data Protection Laws: changes to data protection law.
Recipient
confidentiality obligations:
Recipient
confidentiality undertaking; disclosure of confidential information by
Recipient
to certain persons; exceptions to
Recipient
confidentiality obligations; disclosures of
Supplier
confidential information mandated by law etc;
Recipient
to stop using confidential information upon termination;
Recipient
confidentiality obligations after termination.
Warranties: first party warranty of authority; second party warranty of authority; exclusion of implied warranties and representations.
Indemnities:
Supplier
indemnifies
Recipient
upon data protection breach;
Recipient
indemnifies
Supplier
upon data protection breach.
Limitations and exclusions of liability: caveats to limits of liability; interpretation of limits of liability; no liability for force majeure; per event liability cap.
Termination: termination by either party without cause; termination by either party upon breach; termination upon insolvency.
Effects of termination:
Recipient
to delete
Supplier
personal data; surviving provisions upon termination; termination does not affect accrued rights.
Notices: contractual notices must be in writing; methods of sending contractual notices; contact details for contractual notices; substitute contact details for notices; acknowledgement of notice by email; deemed receipt of contractual notices.
Data protection contacts:
Supplier
data protection contact;
Recipient
data protection contact.
General: no waiver; severability; variation written and signed; no assignment without written consent; no third party rights; entire agreement; governing law; exclusive jurisdiction.
Interpretation: statutory references; section headings not affecting interpretation; no ejusdem generis.

SCHEDULE 1 (DATA PROTECTION INFORMATION NOTICE)

Recipient

SCHEDULE 2 (FORM OF CONSENT)

Recipient

SCHEDULE 3 (INTERNATIONAL TRANSFER CLAUSES)

Prompt for international transfer clauses.

SCHEDULE 4 (SECURITY MEASURES)

Supplier
security measures: prompt for details of
Supplier
security measures.
Recipient
security measures: prompt for details of
Recipient
security measures.

Data sharing agreement (unilateral) document editor preview

This is a shortened preview of the editor interface; once you create your instance you'll be able to edit the full document in our online editor.

Data sharing agreement (unilateral) document preview

This is a shortened preview of the DOCX output; once you create your instance you'll be able to download the full document in PDF, HTML, RTF and/or DOCX (Microsoft Word) format.

Which licence should I choose?

Version	2.0
First published	31 May 2023
Last updated	21 Mar 2024
Law	English law and EU law
Language	English (UK)
^†Word count	5,907
^†Template pages	13

† These figures are approximations.

Privacy law Data protection law Artificial intelligence Agreement

Data sharing agreements

We do not limit the number of copies of a template you can make on your own computer. Nor do they limit the number of times you can print and sign a document. We do however limit the number of copies of a template you can create in the Docular editor, and also the number of websites / digital products with respect to which a template may be used.

There are four different licences under which you can access a Docular template.

	Free licence	Standard licence	Extended licence	Professional licence
Number of document instances	1	1	5	25
Number of websites or digital products	1	1	5	25
Sub-licences permitted	None	1	5	25
Document licence period	No expiry	No expiry	No expiry	No expiry
Credit for Docular	Yes	No	No	No

Number of document instances

Document templates are the products available for sale on this website; whereas document instances are "clones" of the templates, which you can edit using Docular's online editor and export from the website.

We will update our document templates from time to time, but this will not affect your document instances. When you create a document instance, it will be based upon the latest version of the underlying document template at the time of creation of the instance, irrespective of your date of purchase.

You can save your document instance to our servers at any time, and return to editing later. Once you are happy with your editing, you can export the document and save it to your computer.

Number of websites or digital products

The licences include numerical limits upon: (a) the number of websites (including cloud services) on which documents may be published; and (b) the number of digital products (such as software programs) with which documents may be distributed.

Sub-licences permitted

All of our paid licences allow you to sub-license to a client of yours the right to use a document created using Docular.

When you sub-license that right, it becomes attached to the particular client. The number of sub-licences you may grant is numerically limited and, again, the limitation corresponds to the document instance limitation.

Document licence period

This is the period of the licence to use documents created using and exported from the Docular online editor. In short, the licences do not expire. There are no ongoing licence fees.

Credit for Docular

Each free template includes a textual credit for Docular (eg "this document was created using Docular") and you must retain that credit in all versions of the document.

Legal T&Cs

For full details of the licensing rules governing the use of Docular templates, instances and exports, see our terms and conditions.