All Countries
Compliance
Intra Group Agreement Data Protection

Intra Group Agreement Data Protection Template for Austria

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Intra Group Agreement Data Protection

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Intra Group Agreement Data Protection

"Need an Intra Group Agreement Data Protection under Austrian law for our pharmaceutical group with 5 subsidiaries, including specific provisions for handling sensitive health data and clinical trial data, to be implemented by March 2025."

Celebrated by
Collaborations with
Investors
Document background
The Intra Group Agreement Data Protection is essential for corporate groups operating in or from Austria who need to establish a formal framework for internal data processing and transfers. This agreement becomes necessary when multiple entities within a corporate group share personal data, whether as controllers or processors, and need to ensure compliance with the GDPR and Austrian Data Protection Act. It addresses key requirements including data protection principles, security measures, breach notification procedures, and data subject rights. The document is particularly crucial for groups with European operations, as it helps demonstrate compliance with data protection regulations while facilitating efficient data flows within the group. The agreement should be updated periodically to reflect changes in data protection laws, group structure, or processing activities.
Suggested Sections

1. Parties: Identification of the group companies entering into the agreement, including their registered offices and company registration numbers

2. Background: Context of the agreement, relationship between the parties, and purpose of the data processing activities

3. Definitions: Definitions of key terms used in the agreement, including GDPR-specific terminology

4. Scope and Purpose: Details of the data processing activities covered by the agreement and their legitimate purposes

5. Roles and Responsibilities: Clear designation of controllers, processors, and joint controllers within the group

6. Data Protection Principles: Commitment to GDPR principles including lawfulness, fairness, transparency, purpose limitation, data minimization

7. Legal Basis for Processing: Specification of the legal grounds for data processing and transfer within the group

8. Data Subject Rights: Procedures for handling data subject requests and ensuring their rights are protected

9. Security Measures: Technical and organizational measures required to ensure data security

10. Data Breach Notification: Procedures for reporting and handling personal data breaches within the group

11. Audit and Compliance: Rights and procedures for monitoring compliance with the agreement

12. Liability and Indemnification: Allocation of liability between group companies and indemnification provisions

13. Term and Termination: Duration of the agreement and conditions for termination

14. Governing Law and Jurisdiction: Specification of Austrian law as governing law and jurisdiction for disputes

Optional Sections

1. Special Categories of Personal Data: Additional provisions for processing sensitive personal data, if applicable

2. International Data Transfers: Specific provisions for transfers to group companies outside the EEA, if relevant

3. Joint Controller Arrangements: Detailed arrangements where multiple group entities act as joint controllers

4. Sub-processing: Conditions and procedures for engaging sub-processors within or outside the group

5. Data Protection Officer: Provisions regarding DPO appointment and responsibilities, if required

6. Insurance: Requirements for maintaining data protection insurance coverage

7. Force Majeure: Provisions for handling circumstances beyond reasonable control

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data subjects and personal data

2. Schedule 2 - Technical and Organizational Measures: Specific security measures implemented to protect personal data

3. Schedule 3 - Authorized Recipients: List of group companies and their roles (controller/processor) covered by the agreement

4. Schedule 4 - Data Transfer Mechanisms: Details of mechanisms used for international data transfers

5. Schedule 5 - Security Breach Response Plan: Detailed procedures for responding to data breaches

6. Appendix A - Contact Points: List of key contacts for data protection matters within each group company

7. Appendix B - Standard Forms: Templates for data subject requests, breach notifications, and audit reports

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Affiliated Company
Austrian Data Protection Act
Binding Corporate Rules
Controller
Data Protection Laws
Data Protection Officer
Data Subject
Data Subject Rights
EEA
Effective Date
GDPR
Group
Group Company
Information Security Incident
Joint Controller
Local Data Protection Law
Personal Data
Personal Data Breach
Processing
Processor
Restricted Transfer
Security Measures
Sensitive Personal Data
Services
Standard Contractual Clauses
Sub-processor
Supervisory Authority
Technical and Organizational Measures
Third Country
Third Party
Transfer Mechanism
Relevant Industries

Financial Services

Healthcare

Technology

Manufacturing

Retail

Professional Services

Telecommunications

Insurance

Energy

Transportation and Logistics

Media and Entertainment

Pharmaceuticals

Consulting

E-commerce

Relevant Teams

Legal

Compliance

Information Security

IT

Risk Management

Data Protection

Privacy

Information Governance

Operations

Internal Audit

Relevant Roles

Data Protection Officer

Chief Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

Chief Information Security Officer

Risk Manager

IT Director

Chief Technology Officer

Group Data Protection Coordinator

Privacy Manager

Compliance Director

General Counsel

Head of Legal

Chief Operating Officer

Industries
General Data Protection Regulation (GDPR): EU Regulation 2016/679 that sets the primary framework for data protection and privacy in the European Economic Area
Austrian Data Protection Act (Datenschutzgesetz - DSG): National law implementing GDPR in Austria and providing additional country-specific data protection requirements
Article 29 Working Party Guidelines on Binding Corporate Rules: EU guidelines for multinational companies transferring personal data within their corporate group
Austrian Civil Code (ABGB): Relevant sections governing contract formation and validity under Austrian law
Austrian Commercial Code (UGB): Provisions relating to commercial relationships and contracts between business entities
European Data Protection Board Guidelines: Guidelines on data protection impact assessments and data transfer mechanisms within the EU
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Intra Group Agreement Data Protection

An Austrian law-governed agreement regulating data protection practices and compliance between group companies under GDPR and local data protection requirements.

find out more

Joint Controller Data Sharing Agreement

An Austrian law-governed agreement establishing joint controller arrangements for data sharing and processing under GDPR and local data protection requirements.

find out more

Commissioned Data Processing Agreement

An Austrian law-governed data processing agreement establishing controller-processor relationships under GDPR and local data protection requirements.

find out more

Data Privacy Addendum

An Austrian law-governed Data Privacy Addendum ensuring GDPR and Austrian DSG compliance for personal data processing activities.

find out more

Non Disclosure Agreement Data Protection

Austrian-law governed NDA with GDPR compliance focus, combining confidentiality and data protection requirements.

find out more

Data Protection Addendum

An Austrian law-governed addendum that establishes GDPR-compliant terms for personal data processing between controllers and processors.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.