Joint Controller Data Sharing Agreement Template for Ireland

Generate a bespoke document

Trusted by 200k+ teams

4.7 Capterra
4.8 Product Hunt
4.6 Trustpilot

What is a Joint Controller Data Sharing Agreement?

This Joint Controller Data Sharing Agreement is essential when two or more organizations jointly determine the purposes and means of processing personal data under Irish jurisdiction. It is specifically required under Article 26 of GDPR and the Irish Data Protection Act 2018, which mandate that joint controllers must determine their respective responsibilities for compliance through a transparent arrangement. The document should be used when organizations share decision-making authority over data processing activities, such as in collaborative research projects, shared services arrangements, or joint ventures. It differs from a data processing agreement in that it governs a relationship where both parties have equal status as controllers, rather than a controller-processor relationship.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

Jurisdiction

Ireland

Publisher

GenieAI

Sector

Business

Cost

Free to use

Last updated

About the Joint Controller Data Sharing Agreement

A Joint Controller Data Sharing Agreement is a legally binding document that establishes the framework for collaboration between two or more organizations that jointly determine how personal data is processed. Under Irish law, this agreement is not optional but a mandatory requirement when you share control over data processing decisions with other entities.

When do you need this document?

You need this agreement whenever your organization collaborates with others in ways that involve shared decision-making about personal data processing. This includes joint research projects between universities and companies, shared customer databases between business partners, collaborative marketing campaigns, joint venture operations, and shared service arrangements where multiple organizations contribute to processing decisions. The key determining factor is whether you and your partners jointly decide the purposes and means of processing personal data, rather than one party simply processing data on behalf of another.

Key legal considerations

The agreement must clearly define each party's responsibilities for GDPR compliance, including data subject rights, security measures, breach notification procedures, and lawful basis for processing. You must establish transparent arrangements for handling data subject requests, ensuring individuals can exercise their rights effectively regardless of which joint controller they contact. The document should specify liability allocation between parties, data retention periods, cross-border transfer arrangements, and procedures for bringing additional joint controllers into the arrangement. Critical clauses include designation of a primary contact point for data subjects, clear data sharing protocols, and mechanisms for resolving disputes between joint controllers. You must also ensure the arrangement reflects the essence of your relationship and is made available to data subjects upon request.

Legal requirements in Ireland

Under Irish law, your Joint Controller Data Sharing Agreement must comply with both the General Data Protection Regulation and the Irish Data Protection Act 2018. Article 26 of GDPR specifically requires that you determine your respective responsibilities for compliance through a transparent arrangement, with particular attention to data subject rights exercise and information provision duties. The Irish Data Protection Commission expects clear documentation of how joint controllers will handle data subject requests, breach notifications, and compliance monitoring. If your data sharing involves health-related information, you may need to consider additional requirements under the Data Protection Act 2018 (Section 36(2)) (Health Research) Regulations 2018. For electronic communications data, the European Communities (Electronic Communications Networks and Services) Regulations 2011 may also apply, requiring additional privacy safeguards and consent mechanisms.

GOVERNING LAW

Applicable law

This Joint Controller Data Sharing Agreement is drafted to comply with Ireland law. Key legislation includes:

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it