Joint controllers data sharing agreement (mutual)

This joint controller data sharing agreement serves to establish a framework for the regulated exchange of personal data between two entities, each acting as an joint controller in relation to the shared data.

In contrast to controller-to-processor transfers, there is no prescribed set of clauses mandated for contracts governing controller-to-controller transfers. However, Article 26 of the GDPR does set out principles for joint controllership, providing that joint controllers must "in a transparent manner determine their respective responsibilities for compliance with the obligations under ... [the GDPR] ... in particular as regards the exercising of the rights of the data subject and their ... [information provision duties] ... by means of an arrangement between them ... ".

The essence of these arrangement should be made available to individual data subjects; however, notwithstanding any allocation of responsibilities, data subjects may exercise their rights against either controller.

While a data sharing agreement may address some aspects of GDPR compliance, including limitations on data disclosure, international data transfers, supervisory authority interactions, data subject rights, data security, and breach handling, it may not encompass all obligations under the GDPR. For example, a data protection impact assessment (DPIA) might be required prior to initiating a data sharing arrangement.

This agreement does not specifically cover the sharing of special categories of personal data or data shared under law enforcement processing regulations.

The provisions within this data sharing agreement are consistent with the UK Information Commissioner's Office (ICO) Data Sharing Code.

Ask about this document

Joint controllers data sharing agreement (mutual) contents

Definitions: definitions; data protection terms.
Term: commencement of term; end of term.
Obligations to share Personal Data: obligation on
First Party
to share personal data; obligation on
Second Party
to share personal data.
Data quality: parties to ensure data quality.
No special categories: no special categories of personal data to be shared; no criminal conviction data to be shared.
Parties acting as joint controllers: parties are joint controllers for relevant processing; purposes of processing shared personal data (joint controllers); legal bases of sharing personal data (joint controllers); document does not apply to all personal data.
Compliance with Data Protection Laws: compliance with data protection laws with respect to relevant processing; shared personal data collected in accordance with law; requirements relating to consent-based processing of personal data;
First Party
responsibility for relevant processing transparency requirements;
Second Party
responsibility for relevant processing transparency requirements; assistance in relation to compliance with data protection laws for relevant processing.
Further disclosure of Shared Personal Data:
First Party
must not disclose personal data;
Second Party
must not disclose personal data; obligations on disclosure of
First Party
personal data; obligations on disclosure of
the Second Party
personal data; section does not prevent disclosure of anonymised data; section does not prevent disclosure of personal data to processors.
International transfers of Shared Personal Data: prohibition on third country transfers of shared personal data; exceptions to prohibition on third country transfers of shared personal data; approved international transfer clauses take precedence over
Agreement
.
Shared Personal Data and supervisory authorities: communications from supervisory authorities about shared personal data ; cooperation in relation to supervisory authority action .
Shared Personal Data and data subject rights: communications from data subjects about shared personal data ; cooperation in relation to data subject rights; primary data subject contact for joint controllers.
Security of Shared Personal Data: appropriate measures to secure Relevant Processing; particular security measures for the Relevant Processing.
Data breaches involving Shared Personal Data: notification of data breaches involving shared personal data; assistance in relation to shared personal data breaches.
Retention and deletion: retention periods for
First Party
personal data; retention periods for
Second Party
personal data; section subject to effects of termination.
Compliance audit: right to audit compliance; notice of audit; cooperation in relation to audit; costs of licence audit; limits on audit right.
Changes to Data Protection Laws: changes to data protection law.
Confidentiality obligations:
First Party
confidentiality undertaking;
Second Party
confidentiality undertaking; disclosure of confidential information to certain persons; exceptions to confidentiality obligations; disclosures of confidential information mandated by law etc; confidentiality obligations after termination.
Warranties: first party warranty of authority; second party warranty of authority; exclusion of implied warranties and representations.
Indemnities:
First Party
indemnifies
Second Party
upon data protection breach;
Second Party
indemnifies
First Party
upon data protection breach.
Limitations and exclusions of liability: caveats to limits of liability; interpretation of limits of liability; no liability for force majeure; per event liability cap.
Termination: termination by either party without cause; termination by either party upon breach; termination upon insolvency.
Effects of termination: parties to delete shared personal data; surviving provisions upon termination; termination does not affect accrued rights.
Notices: contractual notices must be in writing; methods of sending contractual notices; contact details for contractual notices; substitute contact details for notices; acknowledgement of notice by email; deemed receipt of contractual notices.
Data protection contacts:
First Party
data protection contact;
Second Party
data protection contact.
General: no waiver; severability; variation written and signed; no assignment without written consent; no third party rights; entire agreement; governing law; exclusive jurisdiction.
Interpretation: statutory references; section headings not affecting interpretation; no ejusdem generis.

SCHEDULE 1 (DATA PROTECTION INFORMATION NOTICES)

First Party
data protection information notice: prompt for
First Party
data protection information notice.
Second Party
data protection information notice: prompt for
Second Party
data protection information notice.

SCHEDULE 2 (INTERNATIONAL TRANSFER CLAUSES)

Prompt for international transfer clauses.

SCHEDULE 3 (FORM OF CONSENT)

First Party
form of consent: prompt for
First Party
form of consent.
Second Party
form of consent: prompt for
Second Party
form of consent.

SCHEDULE 4 (SECURITY MEASURES)

First Party
security measures: prompt for details of
First Party
security measures.
Second Party
security measures: prompt for details of
Second Party
security measures.

Joint controllers data sharing agreement (mutual) document editor preview

This is a shortened preview of the editor interface; once you create your instance you'll be able to edit the full document in our online editor.

Joint controllers data sharing agreement (mutual) document preview

This is a shortened preview of the DOCX output; once you create your instance you'll be able to download the full document in PDF, HTML, RTF and/or DOCX (Microsoft Word) format.

Which licence should I choose?

Version	1.0
First published	22 Mar 2024
Law	English law and EU law
Language	English (UK)
^†Word count	6,653
^†Template pages	15

† These figures are approximations.

Privacy law Data protection law Artificial intelligence Agreement

Data sharing agreements

We do not limit the number of copies of a template you can make on your own computer. Nor do they limit the number of times you can print and sign a document. We do however limit the number of copies of a template you can create in the Docular editor, and also the number of websites / digital products with respect to which a template may be used.

There are four different licences under which you can access a Docular template.

	Free licence	Standard licence	Extended licence	Professional licence
Number of document instances	1	1	5	25
Number of websites or digital products	1	1	5	25
Sub-licences permitted	None	1	5	25
Document licence period	No expiry	No expiry	No expiry	No expiry
Credit for Docular	Yes	No	No	No

Number of document instances

Document templates are the products available for sale on this website; whereas document instances are "clones" of the templates, which you can edit using Docular's online editor and export from the website.

We will update our document templates from time to time, but this will not affect your document instances. When you create a document instance, it will be based upon the latest version of the underlying document template at the time of creation of the instance, irrespective of your date of purchase.

You can save your document instance to our servers at any time, and return to editing later. Once you are happy with your editing, you can export the document and save it to your computer.

Number of websites or digital products

The licences include numerical limits upon: (a) the number of websites (including cloud services) on which documents may be published; and (b) the number of digital products (such as software programs) with which documents may be distributed.

Sub-licences permitted

All of our paid licences allow you to sub-license to a client of yours the right to use a document created using Docular.

When you sub-license that right, it becomes attached to the particular client. The number of sub-licences you may grant is numerically limited and, again, the limitation corresponds to the document instance limitation.

Document licence period

This is the period of the licence to use documents created using and exported from the Docular online editor. In short, the licences do not expire. There are no ongoing licence fees.

Credit for Docular

Each free template includes a textual credit for Docular (eg "this document was created using Docular") and you must retain that credit in all versions of the document.

Legal T&Cs

For full details of the licensing rules governing the use of Docular templates, instances and exports, see our terms and conditions.