All Countries
Compliance
Joint Data Controller Agreement

Joint Data Controller Agreement Template for Ireland

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Joint Data Controller Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Joint Data Controller Agreement

I need a Joint Data Controller Agreement between my healthcare technology company and a research institution for a medical data analysis project starting March 2025, including provisions for handling sensitive patient data and cross-border transfers within the EU.

Celebrated by
Collaborations with
Investors
Document background
This Joint Data Controller Agreement is essential when two or more parties jointly determine the purposes and means of processing personal data in Ireland. The agreement is required under Article 26 of the GDPR and the Irish Data Protection Act 2018, ensuring clear allocation of responsibilities and transparent arrangements between controllers. It should be used whenever organizations collaborate on projects or services involving shared data processing activities, such as joint research projects, shared services, or collaborative initiatives. The document addresses crucial aspects including data subject rights, security measures, breach notification procedures, and liability allocation, while ensuring compliance with Irish and EU data protection requirements. This agreement is particularly important as it helps organizations demonstrate their compliance with accountability obligations under data protection law and provides transparency to data subjects about how their personal data is handled.
Suggested Sections

1. Parties: Identification of the joint controllers entering into the agreement

2. Background: Context of the joint controller relationship and purpose of the agreement

3. Definitions: Definitions of key terms used in the agreement, including those from GDPR and Irish Data Protection Act

4. Scope and Purpose: Detailed description of the joint processing activities and purposes covered by the agreement

5. Roles and Responsibilities: Clear allocation of responsibilities between the joint controllers for GDPR compliance

6. Data Subject Rights: Procedures for handling data subject requests and designated contact points

7. Transparency Requirements: Obligations regarding privacy notices and making essential arrangements available to data subjects

8. Security Measures: Technical and organizational measures required to ensure data security

9. Data Breach Notification: Procedures for handling and reporting personal data breaches

10. Liability and Indemnification: Allocation of liability between joint controllers and indemnification provisions

11. Term and Termination: Duration of the agreement and conditions for termination

12. Governing Law and Jurisdiction: Specification of Irish law as governing law and jurisdiction for disputes

Optional Sections

1. International Data Transfers: Required when personal data is transferred outside the EEA

2. Sub-processors: Include when joint controllers plan to engage data processors

3. Special Categories of Data: Required when processing sensitive personal data as defined in GDPR Article 9

4. Data Protection Impact Assessment: Include when high-risk processing activities require DPIA

5. Insurance Requirements: Include when specific insurance coverage is required for data protection

6. Audit Rights: Optional section detailing mutual audit rights between controllers

7. Cost Allocation: Include when there are specific arrangements for sharing costs of joint processing activities

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of joint processing activities, including categories of data and purposes

2. Schedule 2 - Technical and Organizational Measures: Specific security measures implemented by each controller

3. Schedule 3 - Data Subject Rights Procedure: Detailed procedures for handling data subject requests

4. Schedule 4 - Data Breach Response Plan: Detailed procedures for responding to data breaches

5. Schedule 5 - Contact Points: Key contacts for each controller for various purposes

6. Appendix 1 - Standard Forms: Template forms for data subject requests, breach notifications, and other standard communications

7. Appendix 2 - Privacy Notice: Joint privacy notice template to be provided to data subjects

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Law
Business Day
Confidential Information
Controller
Data Protection Authority
Data Protection Impact Assessment
Data Protection Officer
Data Subject
Data Subject Request
Effective Date
GDPR
Irish Data Protection Act
Joint Controllers
Joint Processing Activities
Lead Controller
Personal Data
Personal Data Breach
Processing
Processor
Regulatory Authority
Representatives
Restricted Transfer
Security Measures
Special Categories of Personal Data
Sub-processor
Supervisory Authority
Technical and Organisational Measures
Term
Territory
Third Party
Working Day
Relevant Industries

Healthcare

Education

Financial Services

Technology

Public Sector

Research & Development

Professional Services

Retail

Telecommunications

Insurance

Marketing & Advertising

Real Estate

Non-Profit

Transportation & Logistics

Relevant Teams

Legal

Compliance

Information Security

IT

Risk Management

Data Protection

Privacy

Operations

Information Governance

Executive Leadership

Project Management

Commercial

Procurement

Relevant Roles

Data Protection Officer

Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

Risk Manager

Chief Information Security Officer

Chief Privacy Officer

General Counsel

IT Director

Chief Technology Officer

Project Manager

Operations Manager

Chief Executive Officer

Commercial Director

Data Protection Specialist

Privacy Analyst

Compliance Officer

Industries
General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679: The primary EU regulation governing data protection and privacy, which directly applies in Ireland. Article 26 specifically addresses joint controllers and their obligations.
Data Protection Act 2018 (Ireland): The Irish law that implements GDPR and provides additional national requirements for data protection in Ireland.
European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011: Irish regulations governing privacy in electronic communications, relevant if the joint controllers process electronic communications data.
Data Protection Act 1988 and 2003 (Ireland): While largely superseded by GDPR and DPA 2018, these acts may still be relevant for understanding the historical context and certain continuing provisions.
Data Protection (Registration) Regulations 2001: Irish regulations governing the registration of data controllers with the Data Protection Commission, relevant for joint controller arrangements.
Charter of Fundamental Rights of the European Union: EU charter that establishes the fundamental right to protection of personal data (Article 8), providing the legal basis for data protection requirements.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Data Privacy Agreement

An Irish law-governed Data Privacy Agreement ensuring GDPR compliance and establishing data processing responsibilities between parties.

find out more

Personal Data Agreement

An Irish law-governed agreement establishing terms for personal data processing in compliance with GDPR and Irish data protection legislation.

find out more

Joint Controller Data Sharing Agreement

An Irish law agreement establishing responsibilities and obligations between joint controllers for shared personal data processing under GDPR.

find out more

Data Controller DPA

An Irish law-governed agreement setting out terms for processing personal data under GDPR, establishing controller-processor relationships and compliance obligations.

find out more

Joint Data Controller Agreement

An Irish law-governed agreement establishing responsibilities and obligations between joint data controllers under GDPR and Irish data protection legislation.

find out more

Supplier Data Processing Agreement

An Irish law-governed agreement establishing data processing terms between a company and supplier, ensuring GDPR compliance and data protection standards.

find out more

Data Protection Addendum

An Irish law-governed Data Protection Addendum establishing GDPR-compliant terms for personal data processing between parties.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.