Intercompany Data Transfer Agreement Template for United States

An Intercompany Data Transfer Agreement is a legally binding document governed by United States federal and state laws that establishes the terms and conditions for transferring personal data between entities within the same corporate group. It ensures compliance with data protection regulations, including state-specific laws like CCPA, federal regulations, and international requirements where applicable. The agreement defines security measures, responsibilities, and obligations of both the data exporter and importer.

Generate a Bespoke Document

1. Select your governing law:

2. Enter your key requirements:

Download a Standard Intercompany Data Transfer Agreement

Download a United States-compliant Intercompany Data Transfer Agreement or see Genie's full template library.

Get template free

Review your own Intercompany Data Transfer Agreement

Let Genie AI identify missing terms, unusual language, compliance issues and more.

Upload to review

Your data doesn't train Genie's AI

You keep IP ownership of your docs

4.6 / 5

4.8 / 5

What is a Intercompany Data Transfer Agreement?

The Intercompany Data Transfer Agreement is essential when companies need to share personal data between different legal entities within their corporate structure. This document becomes necessary when organizations operate across multiple jurisdictions within the United States or internationally and need to ensure compliant data transfers. It addresses requirements under US federal and state privacy laws, including CCPA, HIPAA, and other sector-specific regulations, while also considering international data protection requirements where applicable. The agreement provides a framework for maintaining data protection standards and defining responsibilities between affiliated companies.

What sections should be included in a Intercompany Data Transfer Agreement?

1. Parties: Identification of the data exporter and data importer companies, including registration details

2. Background: Context of the agreement and relationship between the parties

3. Definitions: Key terms used throughout the agreement including 'Personal Data', 'Processing', 'Transfer', etc.

4. Subject Matter and Purpose: Details of data transfers, including categories of data and purposes of processing

5. Data Protection Obligations: Core obligations regarding data handling, security measures, and compliance requirements

6. Security Measures: Technical and organizational measures for data protection

7. Data Breach Notification: Procedures for handling and reporting data breaches

8. Term and Termination: Duration of agreement and termination conditions

What sections are optional to include in a Intercompany Data Transfer Agreement?

1. Cross-Border Transfer Mechanisms: Specific provisions for international transfers when data is transferred outside the US

2. Sub-processing: Rules for engaging sub-processors when third-party processing is anticipated

3. Industry-Specific Provisions: Additional requirements for specific sectors when handling regulated data (healthcare, financial, etc.)

What schedules should be included in a Intercompany Data Transfer Agreement?

1. Schedule 1 - Details of Processing: Detailed description of data transfers, categories, purposes

2. Schedule 2 - Security Measures: Detailed technical and organizational measures

3. Schedule 3 - Authorized Sub-processors: List of approved sub-processors (if applicable)

4. Appendix A - Standard Contractual Clauses: SCCs if required for international transfers

5. Appendix B - Data Processing Agreement: Detailed processing terms if required by applicable law

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents

Cost

Free to use

Find the exact document you need

No matches found.