All Countries
Data Privacy
Controller To Controller DPA

Controller To Controller DPA Template for Philippines

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Controller To Controller DPA

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Controller To Controller DPA

"I need a Controller to Controller DPA under Philippine law for a data sharing arrangement between my fintech company and a partner bank, with specific provisions for handling sensitive financial data and customer authentication information, to be implemented by March 2025."

Celebrated by
Collaborations with
Investors
Document background
The Controller to Controller DPA is essential when two organizations, each acting as independent data controllers under Philippine law, need to share personal data with each other. This agreement is specifically designed to comply with the requirements of the Philippine Data Privacy Act of 2012 and its Implementing Rules and Regulations, as well as relevant National Privacy Commission (NPC) issuances. It should be used whenever two organizations need to establish a formal framework for sharing personal data while maintaining independent control over the processing activities. The agreement covers crucial aspects such as data protection responsibilities, security measures, breach notification procedures, and compliance mechanisms. It's particularly important given the strict data protection requirements in the Philippines and the potential penalties for non-compliance with data privacy regulations.
Suggested Sections

1. Parties: Identification of the data controllers entering into the agreement, including their registered addresses and company details

2. Background: Context of the data sharing relationship and purpose of the agreement

3. Definitions: Definitions of key terms used in the agreement, aligned with the Data Privacy Act of 2012

4. Scope and Purpose of Data Sharing: Details of the personal data to be shared and the specific purposes for sharing

5. Roles and Responsibilities: Specific obligations and responsibilities of each controller in relation to the shared personal data

6. Legal Basis for Processing: Identification of the legal grounds under Philippine law for processing and sharing the personal data

7. Data Protection Principles: Commitment to comply with the data protection principles under Philippine law

8. Data Subject Rights: Procedures for handling data subject requests and ensuring data subject rights are respected

9. Security Measures: Technical and organizational measures required to protect the shared personal data

10. Data Breach Notification: Procedures for notifying each other and the NPC of any personal data breaches

11. Confidentiality: Obligations to maintain confidentiality of the shared personal data

12. Term and Termination: Duration of the agreement and conditions for termination

13. Governing Law and Jurisdiction: Specification of Philippine law as governing law and jurisdiction for disputes

14. General Provisions: Standard contractual provisions including severability, entire agreement, and amendments

Optional Sections

1. International Data Transfers: Required when personal data will be transferred outside the Philippines, including mechanisms for ensuring adequate protection

2. Audit Rights: Include when parties require mutual audit rights to ensure compliance

3. Insurance Requirements: Include when parties need to maintain specific insurance coverage for data protection

4. Subcontracting: Include when either controller may engage subcontractors to process the shared data

5. Joint Controller Arrangements: Required when the controllers jointly determine the purposes and means of processing for certain activities

6. Costs and Fees: Include when there are specific cost-sharing arrangements for the data sharing activities

Suggested Schedules

1. Schedule 1 - Categories of Personal Data: Detailed list of personal data categories being shared between the controllers

2. Schedule 2 - Technical and Organizational Security Measures: Specific security measures implemented by each controller

3. Schedule 3 - Data Transfer Procedures: Detailed procedures for how data will be transferred between controllers

4. Schedule 4 - Contact Details: Contact information for key personnel, including Data Protection Officers

5. Schedule 5 - Processing Activities: Detailed description of processing activities carried out by each controller

6. Appendix A - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches

7. Appendix B - Standard Operating Procedures: Operational procedures for day-to-day data sharing activities

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Authorized Personnel
Breach Notification
Business Day
Confidential Information
Controller
Data Protection Officer
Data Subject
Data Subject Rights
Effective Date
Force Majeure Event
Information Security Incident
Implementing Rules and Regulations
Law Enforcement Request
National Privacy Commission
Personal Data
Personal Data Breach
Personal Information
Processing
Privileged Information
Sensitive Personal Information
Security Measures
Shared Personal Data
Special Categories of Personal Data
Sub-processor
Technical and Organizational Measures
Term
Third Party
Transfer
Relevant Industries

Financial Services

Healthcare

Education

Technology

Telecommunications

Insurance

Government Services

Retail

E-commerce

Professional Services

Manufacturing

Hospitality

Transportation

Real Estate

Relevant Teams

Legal

Compliance

Information Security

Information Technology

Privacy

Risk Management

Data Governance

Operations

Business Development

Project Management

Systems Administration

Database Administration

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Chief Information Security Officer

Legal Counsel

Compliance Manager

Risk Manager

Information Security Manager

Privacy Manager

Data Governance Manager

IT Director

Chief Technology Officer

Business Development Manager

Operations Manager

Project Manager

Systems Administrator

Database Administrator

Privacy Analyst

Compliance Officer

Risk Assessment Officer

Data Protection Specialist

Industries
Data Privacy Act of 2012 (Republic Act No. 10173): The primary legislation governing data privacy and protection in the Philippines, establishing the legal framework for personal data processing, rights of data subjects, and obligations of personal information controllers and processors.
Implementing Rules and Regulations of the Data Privacy Act of 2012: Detailed regulations that implement the Data Privacy Act, providing specific requirements and procedures for compliance with the law, including guidelines for data sharing agreements.
NPC Circular No. 16-02: Guidelines on Security of Personal Data in Government Agencies, which includes provisions relevant to data sharing arrangements between government agencies and other entities.
Civil Code of the Philippines (Republic Act No. 386): Provides the general framework for contracts and obligations in the Philippines, which is relevant for the contractual aspects of the data processing agreement.
NPC Advisory No. 2017-01: Designation of Data Protection Officers (DPOs), which is relevant as both controllers need to designate DPOs and include their roles in the agreement.
NPC Circular No. 2020-03: Guidelines on Personal Data Breach Management, which should be addressed in the agreement regarding breach notification obligations between controllers.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Personal Information Processing Agreement

A Philippine law-compliant agreement governing personal data processing arrangements between controllers and processors under RA 10173.

find out more

Data Processing Contract

A Philippine law-compliant agreement governing personal data processing activities between controllers and processors under the Data Privacy Act 2012.

find out more

Joint Controller Agreement

A Philippine law-compliant agreement establishing rights and obligations between parties jointly controlling personal data processing under the Data Privacy Act.

find out more

Intra Group Data Sharing Agreement

Philippine law-governed agreement for regulated data sharing between group companies, ensuring compliance with local data privacy requirements.

find out more

Personal Data Agreement

A legally binding agreement under Philippine law that governs the processing of personal data between parties, ensuring compliance with the Data Privacy Act of 2012.

find out more

Standard Data Processing Agreement

A comprehensive data processing agreement compliant with Philippine data protection laws, establishing controller-processor obligations under the Data Privacy Act of 2012.

find out more

Data Processing Addendum

A Philippine law-compliant agreement establishing terms for personal data processing between controllers and processors, ensuring compliance with the Data Privacy Act of 2012.

find out more

DPA Data Privacy Agreement

A Philippine law-compliant data privacy agreement establishing data processing responsibilities and protections under RA 10173.

find out more

Third Party Processor Agreement

A Philippine law-compliant agreement governing the processing of personal data by a third party on behalf of a data controller, aligned with the Data Privacy Act of 2012.

find out more

Personal Data Collection Agreement

A Philippine law-compliant agreement governing the collection and processing of personal data under the Data Privacy Act of 2012.

find out more

Processor To Processor DPA

A Philippine law-compliant agreement between two data processors governing the terms of data processing activities and responsibilities under the Data Privacy Act.

find out more

Master Data Protection Agreement

A Philippines-compliant agreement establishing data protection obligations between parties under the Data Privacy Act of 2012.

find out more

Data Management Agreement

A Philippine law-governed agreement establishing terms for data management and processing between organizations, ensuring compliance with local data privacy regulations.

find out more

Data Controller To Data Controller Agreement

A Philippine law-compliant agreement governing personal data sharing between independent data controllers under the Data Privacy Act of 2012.

find out more

Controller To Controller DPA

A Philippine law-compliant agreement governing personal data sharing between two independent data controllers under the Data Privacy Act of 2012.

find out more

Intercompany Data Sharing Agreement

A Philippine law-governed agreement establishing protocols for secure data sharing between related companies, ensuring compliance with local data privacy regulations.

find out more

Supplier Data Processing Agreement

A Philippine law-compliant agreement governing the processing of personal data by a supplier on behalf of a company, ensuring compliance with the Data Privacy Act of 2012.

find out more

Controller Processor Agreement

A legal agreement under Philippine law governing personal data processing arrangements between controllers and processors, ensuring compliance with the Data Privacy Act.

find out more

Order Processing Agreement

A Philippine law-governed agreement establishing terms and conditions between a business client and order processing service provider, ensuring regulatory compliance and operational efficiency.

find out more

Data Protection Agreement For Employees

A Philippine-law compliant agreement governing the protection and processing of employee personal data under the Data Privacy Act of 2012.

find out more

Affiliate Addendum

A legal document governing affiliate marketing relationships under Philippine law, establishing terms, commissions, and compliance requirements.

find out more

Data Privacy Addendum

A Philippine law-governed addendum that establishes data privacy obligations and compliance requirements between data controllers and processors under the Data Privacy Act of 2012.

find out more

Sub Processing Agreement

A Philippine law-compliant agreement governing the relationship between a data processor and sub-processor for personal data handling activities.

find out more

Data Protection Addendum

A Philippine law-compliant addendum that establishes data protection obligations between data controllers and processors under the Data Privacy Act of 2012.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.