Controller To Controller Agreement GDPR Template for United States


Key Requirements PROMPT example:

Controller To Controller Agreement GDPR

"I need a Controller to Controller Agreement GDPR for my US-based healthcare technology company to share patient data with a research institute in California, ensuring compliance with both GDPR and HIPAA requirements, with the agreement to be effective from March 1, 2025."

Document background

The Controller To Controller Agreement GDPR is essential for organizations that share personal data while acting as independent data controllers under the EU General Data Protection Regulation (GDPR). This agreement is particularly relevant when both parties are based in or operating under United States law while handling European personal data. It establishes the framework for lawful data sharing, defines each party's responsibilities, ensures GDPR compliance, and incorporates necessary safeguards for international data transfers. The agreement is crucial for organizations needing to demonstrate compliance with GDPR Article 26 requirements while operating within the US legal framework, including considerations for state-specific privacy laws and the EU-US Data Privacy Framework.

Suggested Sections

1. Parties: Identification of the data controllers and their registered offices

2. Background: Context of the data sharing relationship and purpose of the agreement

3. Definitions: Definitions of key terms used in the agreement, including GDPR-specific terminology

4. Scope and Purpose: Details of the data sharing activities and legitimate purposes for processing

5. Roles and Responsibilities: Clear delineation of each controller's obligations and responsibilities

6. Legal Basis for Processing: Specification of the legal grounds under GDPR Article 6 for the data processing

7. Data Protection Principles: Commitment to GDPR principles including lawfulness, fairness, and transparency

8. Data Subject Rights: Procedures for handling data subject requests and ensuring rights are respected

9. Security Measures: Technical and organizational measures required to ensure data security

10. Data Breach Notification: Procedures for notifying each other and authorities of data breaches

11. Confidentiality: Obligations regarding confidentiality of shared personal data

12. Term and Termination: Duration of the agreement and conditions for termination

13. Liability and Indemnification: Allocation of liability and indemnification obligations

14. Governing Law and Jurisdiction: Specification of applicable law and jurisdiction for disputes

Optional Sections

1. International Data Transfers: Required when personal data is transferred outside the EEA, including transfer mechanisms and safeguards

2. Sub-processing: Include when either controller may engage sub-processors for data processing activities

3. Audit Rights: Optional section detailing audit procedures when regular compliance verification is required

4. Insurance: Include when specific insurance coverage for data protection is required

5. Data Protection Impact Assessment: Required when processing is likely to result in high risk to individuals

6. Joint Controller Provisions: Include when parties are acting as joint controllers for certain processing activities

7. US State Privacy Law Compliance: Include when processing involves data subjects from specific US states with privacy laws

Suggested Schedules

1. Schedule 1 - Details of Processing: Detailed description of data processing activities, categories of data subjects and personal data

2. Schedule 2 - Technical and Organizational Measures: Specific security measures implemented by both controllers

3. Schedule 3 - Transfer Mechanisms: Details of international transfer mechanisms including SCCs if applicable

4. Schedule 4 - Contact Points: Key contacts for operational matters, data protection officers, and breach notification

5. Schedule 5 - Sub-processors: List of approved sub-processors and process for adding new ones

6. Appendix A - Data Subject Rights Procedure: Detailed procedures for handling data subject requests

7. Appendix B - Breach Response Plan: Detailed procedures for responding to and managing data breaches

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Relevant Industries

Technology

Healthcare

Financial Services

E-commerce

Professional Services

Education

Insurance

Marketing and Advertising

Telecommunications

Research and Development

Consulting

Manufacturing

Retail

Transportation and Logistics

Relevant Teams

Legal

Compliance

Information Security

Privacy

Information Technology

Risk Management

Data Governance

Corporate Affairs

Operations

Information Management

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Chief Legal Officer

Privacy Counsel

Compliance Manager

Information Security Officer

Chief Technology Officer

Chief Information Officer

Data Governance Manager

Privacy Program Manager

Legal Counsel

Risk Management Director

Compliance Director

Data Protection Manager

Privacy Operations Manager


Find the exact document you need

Controller To Controller Agreement GDPR

A US law-governed agreement establishing GDPR-compliant data sharing arrangements between independent data controllers handling EU personal data.


Personal Data Sharing Agreement

A US-compliant agreement governing the sharing of personal data between organizations, ensuring privacy law compliance and data protection.


Office Sharing Agreement

A U.S.-compliant legal agreement establishing terms for sharing office space between multiple parties, including space allocation, costs, and usage rights.


Data Exchange Agreement

A U.S.-governed agreement that establishes terms and conditions for sharing data between parties while ensuring regulatory compliance.


Third Party Data Sharing Agreement

A U.S.-compliant legal agreement governing the sharing and protection of data between organizations.


Content Sharing Agreement

A U.S.-governed agreement establishing terms for sharing and distributing digital content between parties, including rights, permissions, and compliance requirements.


Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts
