The Controller To Controller Agreement GDPR is essential for organizations that share personal data while acting as independent data controllers under the EU General Data Protection Regulation (GDPR). This agreement is particularly relevant when both parties are based in or operating under United States law while handling European personal data. It establishes the framework for lawful data sharing, defines each party's responsibilities, ensures GDPR compliance, and incorporates necessary safeguards for international data transfers. The agreement is crucial for organizations needing to demonstrate compliance with GDPR Article 26 requirements while operating within the US legal framework, including considerations for state-specific privacy laws and the EU-US Data Privacy Framework.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership of your docs
1. Parties: Identification of the data controllers and their registered offices
2. Background: Context of the data sharing relationship and purpose of the agreement
3. Definitions: Definitions of key terms used in the agreement, including GDPR-specific terminology
4. Scope and Purpose: Details of the data sharing activities and legitimate purposes for processing
5. Roles and Responsibilities: Clear delineation of each controller's obligations and responsibilities
6. Legal Basis for Processing: Specification of the legal grounds under GDPR Article 6 for the data processing
7. Data Protection Principles: Commitment to GDPR principles including lawfulness, fairness, and transparency
8. Data Subject Rights: Procedures for handling data subject requests and ensuring rights are respected
9. Security Measures: Technical and organizational measures required to ensure data security
10. Data Breach Notification: Procedures for notifying each other and authorities of data breaches
11. Confidentiality: Obligations regarding confidentiality of shared personal data
12. Term and Termination: Duration of the agreement and conditions for termination
13. Liability and Indemnification: Allocation of liability and indemnification obligations
14. Governing Law and Jurisdiction: Specification of applicable law and jurisdiction for disputes
1. International Data Transfers: Required when personal data is transferred outside the EEA, including transfer mechanisms and safeguards
2. Sub-processing: Include when either controller may engage sub-processors for data processing activities
3. Audit Rights: Optional section detailing audit procedures when regular compliance verification is required
4. Insurance: Include when specific insurance coverage for data protection is required
5. Data Protection Impact Assessment: Required when processing is likely to result in high risk to individuals
6. Joint Controller Provisions: Include when parties are acting as joint controllers for certain processing activities
7. US State Privacy Law Compliance: Include when processing involves data subjects from specific US states with privacy laws
1. Schedule 1 - Details of Processing: Detailed description of data processing activities, categories of data subjects and personal data
2. Schedule 2 - Technical and Organizational Measures: Specific security measures implemented by both controllers
3. Schedule 3 - Transfer Mechanisms: Details of international transfer mechanisms including SCCs if applicable
4. Schedule 4 - Contact Points: Key contacts for operational matters, data protection officers, and breach notification
5. Schedule 5 - Sub-processors: List of approved sub-processors and process for adding new ones
6. Appendix A - Data Subject Rights Procedure: Detailed procedures for handling data subject requests
7. Appendix B - Breach Response Plan: Detailed procedures for responding to and managing data breaches
Find the exact document you need
Controller To Controller Agreement Gdpr
A US law-governed agreement establishing GDPR-compliant data sharing arrangements between independent data controllers handling EU personal data.
Download
Personal Data Sharing Agreement
A US-compliant agreement governing the sharing of personal data between organizations, ensuring privacy law compliance and data protection.
Download
Office Sharing Agreement
A U.S.-compliant legal agreement establishing terms for sharing office space between multiple parties, including space allocation, costs, and usage rights.
Download
Data Exchange Agreement
A U.S.-governed agreement that establishes terms and conditions for sharing data between parties while ensuring regulatory compliance.
Download
Third Party Data Sharing Agreement
A U.S.-compliant legal agreement governing the sharing and protection of data between organizations.
Download
Content Sharing Agreement
A U.S.-governed agreement establishing terms for sharing and distributing digital content between parties, including rights, permissions, and compliance requirements.
Download
łŇ±đ˛Ôľ±±đ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; łŇ±đ˛Ôľ±±đ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it