Joint Controller Data Sharing Agreement Template for Ireland
Generate a bespoke document
What is a Joint Controller Data Sharing Agreement?
This Joint Controller Data Sharing Agreement is essential when two or more organizations jointly determine the purposes and means of processing personal data under Irish jurisdiction. It is specifically required under Article 26 of GDPR and the Irish Data Protection Act 2018, which mandate that joint controllers must determine their respective responsibilities for compliance through a transparent arrangement. The document should be used when organizations share decision-making authority over data processing activities, such as in collaborative research projects, shared services arrangements, or joint ventures. It differs from a data processing agreement in that it governs a relationship where both parties have equal status as controllers, rather than a controller-processor relationship.
About the Joint Controller Data Sharing Agreement
A Joint Controller Data Sharing Agreement is a legally binding document that establishes the framework for collaboration between two or more organizations that jointly determine how personal data is processed. Under Irish law, this agreement is not optional but a mandatory requirement when you share control over data processing decisions with other entities.
When do you need this document?
You need this agreement whenever your organization collaborates with others in ways that involve shared decision-making about personal data processing. This includes joint research projects between universities and companies, shared customer databases between business partners, collaborative marketing campaigns, joint venture operations, and shared service arrangements where multiple organizations contribute to processing decisions. The key determining factor is whether you and your partners jointly decide the purposes and means of processing personal data, rather than one party simply processing data on behalf of another.
Key legal considerations
The agreement must clearly define each party's responsibilities for GDPR compliance, including data subject rights, security measures, breach notification procedures, and lawful basis for processing. You must establish transparent arrangements for handling data subject requests, ensuring individuals can exercise their rights effectively regardless of which joint controller they contact. The document should specify liability allocation between parties, data retention periods, cross-border transfer arrangements, and procedures for bringing additional joint controllers into the arrangement. Critical clauses include designation of a primary contact point for data subjects, clear data sharing protocols, and mechanisms for resolving disputes between joint controllers. You must also ensure the arrangement reflects the essence of your relationship and is made available to data subjects upon request.
Legal requirements in Ireland
Under Irish law, your Joint Controller Data Sharing Agreement must comply with both the General Data Protection Regulation and the Irish Data Protection Act 2018. Article 26 of GDPR specifically requires that you determine your respective responsibilities for compliance through a transparent arrangement, with particular attention to data subject rights exercise and information provision duties. The Irish Data Protection Commission expects clear documentation of how joint controllers will handle data subject requests, breach notifications, and compliance monitoring. If your data sharing involves health-related information, you may need to consider additional requirements under the Data Protection Act 2018 (Section 36(2)) (Health Research) Regulations 2018. For electronic communications data, the European Communities (Electronic Communications Networks and Services) Regulations 2011 may also apply, requiring additional privacy safeguards and consent mechanisms.
GOVERNING LAW
Applicable law
This Joint Controller Data Sharing Agreement is drafted to comply with Ireland law. Key legislation includes:
Data Protection Act 2018 (Ireland): The primary Irish legislation that supplements GDPR and provides additional national requirements for data protection in Ireland
Data Protection Act 2018 (Section 36(2)) (Health Research) Regulations 2018: Specific regulations that may be relevant if the data sharing involves health-related data in Ireland
European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011: Important if the data sharing involves electronic communications data or online services
Law Enforcement Directive (LED): Relevant if any of the joint controllers are involved in law enforcement processing activities
Data Protection Commission Guidance on Joint Controllers: While not legislation, this provides important regulatory guidance on how the DPC interprets joint controller obligations in Ireland
EU-US Data Privacy Framework: Relevant if any data sharing involves transfers to the United States
Standard Contractual Clauses (SCCs): Required if the joint controller arrangement involves international data transfers outside the EEA
Explore 208,390+ legal templates
Explore 208,390+ legal templates
Genie's Security Promise
Genie is the safest place to draft. Here's how we prioritise your privacy and security.
Your data is private:
We do not train on your data; Genie's AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it