Register
Forgotten password?

A family of Data sharing agreementsdocumentsData sharing agreements

These agreements facilitate the lawful sharing of personal data between two controllers (as that term is defined in the General Data Protection Regulation). They can be used with respect to joint controllers or independent controllers. They are not however suitable for use in relation to controller-to-processor or processor-to-processor sharing.

Data sharing agreement (mutual)

FROM

£50.00

OR

50

CREDITS
Buy
Version 1.3
First published 31 May 2018
Last updated 31 May 2023
Word count 6,942
Template pages 15

Data sharing agreement (unilateral)

FROM

£50.00

OR

50

CREDITS
Buy
Version 1.0
First published 31 May 2023
Last updated 1 Jun 2023
Word count 6,267
Template pages 13

Compare contents

Data sharing agreement (mutual) contents

  1. Definitions: definitions; data protection terms.
  2. Term: commencement of term; end of term.
  3. Obligations to share Personal Data: obligation on 
    First Party
     to share personal data; obligation on 
    Second Party
    to share personal data.
  4. Data quality: parties to ensure data quality.
  5. No special categories: no special categories of personal data to be shared; no criminal conviction data to be shared.
  6. Parties acting as controllers: each party is independent controller of shared personal data; legal bases of sharing personal data (independent controllers); document does not apply to all personal data.
  7. Compliance with Data Protection Laws: compliance with data protection laws with respect to shared personal data; shared personal data collected in accordance with law; requirements relating to consent-based processing of personal data;
    First Party
     responsible for meeting data protection transparency requirements;
    Second Party
    responsible for meeting data protection transparency requirements; assistance in relation to compliance with data protection laws.
  8. Further disclosure of
    First Party
    Personal Data:
    First Party
     must not disclose personal data;
    Second Party
    must not disclose personal data; obligations on disclosure of
    First Party
    personal data; section does not prevent disclosure of anonymised data; section does not prevent disclosure of personal data to processors.
  9. International transfers of Shared Personal Data: prohibition on third country transfers of shared personal data; exceptions to prohibition on third country transfers of shared personal data; approved international transfer clauses take precedence over 
    Agreement
    .
  10. Shared Personal Data and supervisory authorities: communications from supervisory authorities about shared personal data; cooperation in relation to supervisory authority action.
  11. Shared Personal Data and data subject rights: communications from data subjects about shared personal data; cooperation in relation to data subject rights; primary data subject contact for joint controllers.
  12. Security of Shared Personal Data: appropriate measures to secure shared personal data; particular security measures for shared personal data.
  13. Data breaches involving Shared Personal Data: notification of data breaches involving shared personal data; assistance in relation to shared personal data breaches.
  14. Retention and deletion: retention periods for
    First Party
    personal data; retention periods for
    Second Party
    personal data; section subject to effects of termination.
  15. Compliance audit: right to audit compliance; notice of audit; cooperation in relation to audit; costs of licence audit; limits on audit right.
  16. Changes to Data Protection Laws: changes to data protection law.
  17. Confidentiality obligations:
    First Party
    confidentiality undertaking;
    Second Party
    confidentiality undertaking; disclosure of confidential information to certain persons; exceptions to confidentiality obligations; disclosures of confidential information mandated by law etc; confidentiality obligations after termination.
  18. Warranties: first party warranty of authority; second party warranty of authority; exclusion of implied warranties and representations.
  19. Indemnities:
    First Party
    indemnifies
    Second Party
    upon breach;
    Second Party
    indemnifies
    First Party
     upon breach.
  20. Limitations and exclusions of liability: caveats to limits of liability; interpretation of limits of liability; no liability for force majeure; per event liability cap.
  21. Termination: termination by either party without cause; termination by either party upon breach; termination upon insolvency.
  22. Effects of termination: parties to delete shared personal data; surviving provisions upon termination; termination does not affect accrued rights.
  23. Notices: methods and deemed receipt of contractual notices; contact details for contractual notices; substitute contact details for notices.
  24. Data protection contacts:
    First Party
     data protection contact;
    Second Party
    data protection contact.
  25. General: no waiver; severability; variation written and signed; no assignment without written consent; no third party rights; entire agreement; governing law; exclusive jurisdiction.
  26. Interpretation: statutory references; section headings not affecting interpretation; no ejusdem generis.

SCHEDULE 1 (DATA PROTECTION INFORMATION NOTICES)

  1. First Party
    data protection information notice:
    prompt for 
    First Party
     data protection information notice.
  2. Second Party
    data protection information notice:
    prompt for 
    Second Party
    data protection information notice.

SCHEDULE 2 (INTERNATIONAL TRANSFER CLAUSES)

    Prompt for international transfer clauses.

SCHEDULE 3 (FORM OF CONSENT)

  1. First Party
     form of consent:
    prompt for 
    First Party
     form of consent.
  2. Second Party
     form of consent:
    prompt for 
    Second Party
     form of consent.

SCHEDULE 4 (SECURITY MEASURES)

  1. First Party
    security measures:
    prompt for details of
    First Party
    security measures.
  2.  
    Second Party
     security measures:
    prompt for details of
    Second Party
    security measures.

Data sharing agreement (unilateral) contents

  1. Definitions: definitions; data protection terms.
  2. Term: commencement of term; end of term.
  3. Obligations to share Personal Data: obligation on 
    Sharer
     to share personal data.
  4. Data quality:
    Sharer
    to ensure data quality.
  5. No special categories: no special categories of personal data to be shared by 
    Sharer
    ; no criminal conviction data to be shared by first party.
  6. Parties acting as controllers: each party is independent controller of first party personal data; legal bases of sharing
    Sharer
    personal data (independent controllers); document does not apply to all personal data disclosed by 
    Sharer
    .
  7. Compliance with Data Protection Laws: compliance with data protection laws with respect to
    Sharer
    personal data;
    Sharer
    personal data collected in accordance with law; requirements relating to consent-based processing of personal data;
    Sharer
     responsible for meeting data protection transparency requirements; assistance in relation to compliance with data protection laws.
  8. Further disclosure of
    Sharer
    Personal Data:
    Sharer
     must not disclose personal data;
    Recipient
    must not disclose personal data; obligations on disclosure of
    Sharer
    personal data; section does not prevent disclosure of anonymised data; section does not prevent disclosure of personal data to processors.
  9. International transfers of 
    Sharer
    Personal Data
    :
    prohibition on third country transfers of
    Sharer
    personal data; exceptions to prohibition on third country transfers of
    Sharer
    personal data; approved international transfer clauses take precedence over 
    Agreement
    .
  10. Sharer
    Personal Data
    and supervisory authorities:
    communications from supervisory authorities about 
    Sharer
    personal data; cooperation in relation to supervisory authority action.
  11. Sharer
    Personal Data
    and data subject rights:
    communications from data subjects about first party personal data; cooperation in relation to data subject rights; primary data subject contact for joint controllers.
  12. Security of
    Sharer
    Personal Data
    :
    appropriate measures to secure
    Sharer
    personal data; particular security measures for
    Sharer
    personal data.
  13. Data breaches involving
    the Sharer
    Personal Data:
    notification of data breaches involving
    Sharer
    personal data; assistance in relation to
    Sharer
    personal data breaches.
  14. Retention and deletion: retention periods for
    Sharer
    personal data; section subject to effects of termination.
  15. Compliance audit: right to audit compliance; notice of audit; cooperation in relation to audit; costs of licence audit; limits on audit right.
  16. Changes to Data Protection Laws: changes to data protection law.
  17. Recipient
     confidentiality obligations:
    Recipient
    confidentiality undertaking; disclosure of confidential information by
    Recipient
    to certain persons; exceptions to
    Recipient
     confidentiality obligations; disclosures of
    Sharer
    confidential information mandated by law etc;
    Recipient
    to stop using confidential information upon termination;
    Recipient
    to return or destroy confidential information following termination;
    Recipient
    confidentiality obligations after termination.
  18. Warranties: first party warranty of authority; second party warranty of authority; exclusion of implied warranties and representations.
  19. Indemnities:
    Sharer
    indemnifies
    Recipient
    upon breach;
    Recipient
    indemnifies
    Sharer
     upon breach.
  20. Limitations and exclusions of liability: caveats to limits of liability; interpretation of limits of liability; no liability for force majeure; per event liability cap.
  21. Termination: termination by either party without cause; termination by either party upon breach; termination upon insolvency.
  22. Effects of termination:
    Recipient
    to delete
    Sharer
    personal data; surviving provisions upon termination; termination does not affect accrued rights.
  23. Notices: methods and deemed receipt of contractual notices; contact details for contractual notices; substitute contact details for notices.
  24. Data protection contacts:
    Sharer
     data protection contact;
    Recipient
    data protection contact.
  25. General: no waiver; severability; variation written and signed; no assignment without written consent; no third party rights; entire agreement; governing law; exclusive jurisdiction.
  26. Interpretation: statutory references; section headings not affecting interpretation; no ejusdem generis.

SCHEDULE 1 (DATA PROTECTION INFORMATION NOTICE)

    Prompt for 
    Recipient
    data protection information notice.

SCHEDULE 2 (FORM OF CONSENT)

    Prompt for 
    Recipient
     form of consent.

SCHEDULE 3 (INTERNATIONAL TRANSFER CLAUSES)

    Prompt for international transfer clauses.

SCHEDULE 4 (SECURITY MEASURES)

  1. Sharer
    security measures:
    prompt for details of
    Sharer
    security measures.
  2.  
    Recipient
     security measures:
    prompt for details of
    Recipient
    security measures.