GDPR Intercompany Agreement Template for Belgium

Create a bespoke document in minutes, or upload and review your own.

4.6 / 5

4.8 / 5

Let's create your GDPR Intercompany Agreement

1. Select your governing law and document type:

2. Enter your key requirements:

3. Create your document to edit, review or download

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Gdpr Intercompany Agreements

"I need a GDPR Intercompany Agreement for our Belgian pharmaceutical group with subsidiaries in France and Germany, ensuring compliance with clinical trial data sharing requirements and including specific provisions for special categories of health data to be implemented by March 2025."

Document background

GDPR Intercompany Agreements are essential legal instruments used to ensure compliant personal data processing and transfers within corporate groups operating under Belgian jurisdiction. These agreements are particularly crucial when multiple group entities share, process, or transfer personal data across different operations. The document addresses requirements under both the EU GDPR and Belgian Data Protection Act, establishing clear protocols for data protection, processing activities, and compliance measures. It becomes necessary when group companies need to share personal data as part of their regular operations, requiring formal documentation of their data protection obligations and responsibilities. The agreement includes comprehensive details about security measures, data subject rights, breach notification procedures, and audit requirements, making it a fundamental document for corporate data protection compliance.

Suggested Sections

1. Parties: Identification of the group companies entering into the agreement, including their roles (data controller/processor)

2. Background: Context of the agreement, description of the group structure, and purpose of data sharing

3. Definitions: Definitions of key terms, including GDPR-specific terminology and company-specific terms

4. Scope and Purpose: Detailed description of data processing activities covered by the agreement

5. Roles and Responsibilities: Clear delineation of each party's role and responsibilities under GDPR

6. Data Protection Principles: Commitment to GDPR principles and specific measures to ensure compliance

7. Legal Basis for Processing: Specification of the legal grounds for data processing and transfer

8. Data Subject Rights: Procedures for handling data subject requests and ensuring rights are respected

9. Security Measures: Technical and organizational measures required for data protection

10. Data Breach Notification: Procedures for reporting and handling personal data breaches

11. Audit Rights: Provisions for monitoring and verifying compliance

12. Term and Termination: Duration of the agreement and conditions for termination

13. Governing Law and Jurisdiction: Specification of Belgian law as governing law and jurisdiction for disputes

Optional Sections

1. International Data Transfers: Required when data transfers outside the EEA are contemplated, incorporating necessary safeguards

2. Sub-processing: Include when parties may engage sub-processors for data processing activities

3. Joint Controller Provisions: Required when parties act as joint controllers for certain processing activities

4. Industry-Specific Requirements: Additional provisions for regulated industries (e.g., healthcare, financial services)

5. Data Protection Impact Assessments: Procedures for conducting DPIAs when required by processing activities

6. Brexit Provisions: Special provisions for UK entities within the group, if applicable

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data and purposes

2. Schedule 2 - Technical and Organizational Measures: Specific security measures and controls implemented by each party

3. Schedule 3 - Authorized Sub-processors: List of approved sub-processors and their processing activities

4. Schedule 4 - Data Transfer Mechanisms: Details of transfer mechanisms used for international data transfers

5. Schedule 5 - Contact Points: List of key contacts for data protection matters at each entity

6. Appendix A - Standard Contractual Clauses: EU SCCs for international transfers, if applicable

7. Appendix B - Security Breach Response Plan: Detailed procedures for handling and reporting data breaches

8. Appendix C - Data Subject Rights Procedure: Detailed procedures for handling data subject requests

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

alex.den.21@genieai.co

Relevant legal definitions

Clauses

Relevant Industries

Financial Services

Healthcare

Technology

Manufacturing

Retail

Professional Services

Telecommunications

Energy

Transportation

Insurance

Pharmaceuticals

Education

E-commerce

Media and Entertainment

Consulting

Relevant Teams

Legal

Compliance

Information Security

Risk Management

Data Protection

Privacy

Information Governance

Corporate Affairs

Regulatory Affairs

Relevant Roles

Data Protection Officer

Chief Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

IT Director

Chief Information Officer

Privacy Manager

Group Legal Director

Compliance Officer

Risk Manager

Corporate Counsel

Chief Technology Officer

Data Governance Manager

Information Governance Director

Find the exact document you need