All Countries
Compliance
Joint Controller Data Sharing Agreement

Joint Controller Data Sharing Agreement Template for Ireland

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Joint Controller Data Sharing Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Joint Controller Data Sharing Agreement

I need a Joint Controller Data Sharing Agreement for a healthcare research collaboration between a private hospital and a university, including provisions for handling sensitive medical data and research findings, with the agreement to commence from March 2025.

Celebrated by
Collaborations with
Investors
Document background
This Joint Controller Data Sharing Agreement is essential when two or more organizations jointly determine the purposes and means of processing personal data under Irish jurisdiction. It is specifically required under Article 26 of GDPR and the Irish Data Protection Act 2018, which mandate that joint controllers must determine their respective responsibilities for compliance through a transparent arrangement. The document should be used when organizations share decision-making authority over data processing activities, such as in collaborative research projects, shared services arrangements, or joint ventures. It differs from a data processing agreement in that it governs a relationship where both parties have equal status as controllers, rather than a controller-processor relationship.
Suggested Sections

1. Parties: Identification of all joint controllers who are parties to the agreement

2. Background: Context of the data sharing arrangement and relationship between the parties

3. Definitions: Definitions of key terms used in the agreement, including GDPR-specific terminology

4. Scope and Purpose: Details of the data sharing activities covered and their specific purposes

5. Roles and Responsibilities: Detailed allocation of responsibilities between joint controllers as required by GDPR Article 26

6. Legal Basis for Processing: Specification of the legal bases relied upon for the data processing activities

7. Data Subject Rights: How data subject rights will be handled and which party is responsible for responding

8. Security Measures: Security requirements and measures to be implemented by all parties

9. Data Breach Notification: Procedures for handling and reporting data breaches

10. Transparency and Privacy Notices: Requirements for informing data subjects about the joint controller arrangement

11. Term and Termination: Duration of the agreement and termination provisions

12. Liability and Indemnification: Allocation of liability between parties and indemnification provisions

13. General Provisions: Standard contractual clauses including governing law, jurisdiction, and amendment procedures

Optional Sections

1. International Data Transfers: Required if data will be transferred outside the EEA, including appropriate transfer mechanisms

2. Sub-processors: Include if either party will use sub-processors, detailing approval processes and obligations

3. Special Categories of Data: Required if special category data is processed, detailing additional safeguards

4. Data Protection Impact Assessment: Include if high-risk processing requires DPIA and how it will be conducted

5. Audit Rights: Optional section detailing audit procedures between parties

6. Insurance Requirements: Include if specific insurance coverage is required for data protection

7. Cost Allocation: Required if there are shared costs for compliance activities or infrastructure

Suggested Schedules

1. Schedule 1 - Categories of Personal Data: Detailed list of personal data types being processed

2. Schedule 2 - Processing Activities: Detailed description of all processing activities covered

3. Schedule 3 - Technical and Organizational Measures: Specific security measures implemented by each party

4. Schedule 4 - Contact Points: Key contacts for operational, legal, and data protection matters

5. Schedule 5 - Data Subject Rights Procedure: Detailed procedures for handling data subject requests

6. Schedule 6 - Data Breach Response Plan: Detailed procedures for responding to data breaches

7. Appendix A - Standard Forms: Templates for routine communications and requests between parties

8. Appendix B - Privacy Notice Template: Template for joint privacy notice to data subjects

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Law
Authorised Recipients
Business Day
Business Hours
Commencement Date
Confidential Information
Controller
Data Protection Impact Assessment
Data Protection Laws
Data Protection Officer
Data Subject
Data Subject Rights
DPC
EEA
Effective Date
GDPR
Information Commissioner
Information Notice
Irish Data Protection Act
Joint Controllers
Joint Processing Activities
Legal Basis
Material Breach
Notice
Party/Parties
Personal Data
Personal Data Breach
Processing
Processor
Prohibited Data
Representatives
Restricted Transfer
Security Measures
Shared Personal Data
Special Categories of Personal Data
Specific Processing Activities
Sub-processor
Supervisory Authority
Technical and Organisational Measures
Term
Third Party
Transfer Mechanism
Clauses
Interpretation
Definitions
Duration
Scope
Data Protection
Joint Controller Obligations
Data Subject Rights
Security
Confidentiality
Breach Notification
Audit Rights
Liability
Indemnification
International Transfers
Sub-processing
Transparency
Cooperation
Technical Requirements
Compliance
Risk Assessment
Termination
Force Majeure
Assignment
Severability
Entire Agreement
Variation
Notices
Governing Law
Dispute Resolution
Third Party Rights
Costs
Insurance
Warranties
Data Retention
Exit Management
Relevant Industries

Healthcare

Financial Services

Technology

Education

Research

Professional Services

Retail

Insurance

Telecommunications

Real Estate

Marketing and Advertising

Transportation and Logistics

Non-profit Organizations

Public Sector

Relevant Teams

Legal

Compliance

Data Protection

Information Security

Risk Management

Operations

Information Technology

Business Development

Research and Development

Information Governance

Privacy

Corporate Affairs

Procurement

Strategy

Relevant Roles

Data Protection Officer

Chief Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

Risk Manager

Chief Information Security Officer

Chief Legal Officer

Privacy Manager

Operations Director

Project Manager

Business Development Manager

Chief Technology Officer

Chief Executive Officer

Research Director

Information Governance Manager

Industries
General Data Protection Regulation (GDPR): The primary EU regulation on data protection and privacy, particularly Article 26 which specifically addresses joint controllers and their obligations to put in place an arrangement determining their respective responsibilities
Data Protection Act 2018 (Ireland): The primary Irish legislation that supplements GDPR and provides additional national requirements for data protection in Ireland
Data Protection Act 2018 (Section 36(2)) (Health Research) Regulations 2018: Specific regulations that may be relevant if the data sharing involves health-related data in Ireland
European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011: Important if the data sharing involves electronic communications data or online services
Law Enforcement Directive (LED): Relevant if any of the joint controllers are involved in law enforcement processing activities
Data Protection Commission Guidance on Joint Controllers: While not legislation, this provides important regulatory guidance on how the DPC interprets joint controller obligations in Ireland
EU-US Data Privacy Framework: Relevant if any data sharing involves transfers to the United States
Standard Contractual Clauses (SCCs): Required if the joint controller arrangement involves international data transfers outside the EEA
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Data Privacy Agreement

An Irish law-governed Data Privacy Agreement ensuring GDPR compliance and establishing data processing responsibilities between parties.

find out more

Personal Data Agreement

An Irish law-governed agreement establishing terms for personal data processing in compliance with GDPR and Irish data protection legislation.

find out more

Joint Controller Data Sharing Agreement

An Irish law agreement establishing responsibilities and obligations between joint controllers for shared personal data processing under GDPR.

find out more

Data Controller DPA

An Irish law-governed agreement setting out terms for processing personal data under GDPR, establishing controller-processor relationships and compliance obligations.

find out more

Joint Data Controller Agreement

An Irish law-governed agreement establishing responsibilities and obligations between joint data controllers under GDPR and Irish data protection legislation.

find out more

Supplier Data Processing Agreement

An Irish law-governed agreement establishing data processing terms between a company and supplier, ensuring GDPR compliance and data protection standards.

find out more

Data Protection Addendum

An Irish law-governed Data Protection Addendum establishing GDPR-compliant terms for personal data processing between parties.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.