Joint Controller Agreement
Define data protection responsibilities between parties under GDPR with this Joint Controller Agreement Template.
Joint Controller Agreement Template
This Joint Controller Agreement (“Agreement”) is entered into on [Date], by and between:
Party A (Controller):
Name: __________________________
Address: __________________________
Email: __________________________
Phone: __________________________
Party B (Controller):
Name: __________________________
Address: __________________________
Email: __________________________
Phone: __________________________
Collectively referred to as the “Parties.”
1. Purpose of the Agreement
The Parties jointly determine the purposes and means of processing personal data and enter into this Agreement as required under GDPR Article 26. This Agreement defines their respective obligations and responsibilities for ensuring lawful, secure, and transparent data processing.
2. Scope of Processing
The Parties will jointly process personal data for the following purposes:
[Describe purposes, e.g., marketing, research, service delivery].
Categories of data subjects include: [e.g., customers, employees, partners].
Categories of personal data include: [e.g., names, contact information, payment data].
3. Roles and Responsibilities
Party A shall be primarily responsible for [e.g., data collection and initial consent management].
Party B shall be primarily responsible for [e.g., storage, analytics, and reporting].
Both Parties share responsibility for overall compliance and shall cooperate to fulfill data subject rights requests.
4. Data Subject Rights
The Parties agree to provide transparent information to data subjects about the joint processing arrangement.
Requests for access, rectification, erasure, restriction, or portability shall be directed to [Lead Party].
The Lead Party will coordinate with the other Party to respond within GDPR-mandated timelines.
5. Security Measures
Each Party shall implement appropriate technical and organizational measures to protect personal data, including but not limited to:
Encryption and pseudonymization.
Access controls and audit logs.
Regular risk assessments and security training.
6. Data Breach Notification
Each Party must notify the other without undue delay of any personal data breach.
The Parties will jointly cooperate in assessing and reporting the breach to the relevant supervisory authority within 72 hours.
7. Liability and Indemnification
Each Party shall be liable for damages arising from its own non-compliance with this Agreement or GDPR.
If both Parties are jointly liable, they shall share liability proportionately to their level of responsibility.
8. Confidentiality
All personal data and related information must be kept confidential and accessed only by authorized personnel.
9. Term and Termination
This Agreement begins on the Effective Date and remains in force until terminated by either Party with [X days] written notice.
Upon termination, each Party shall delete or return personal data as required by law.
10. Governing Law and Jurisdiction
This Agreement shall be governed by the laws of [Jurisdiction] and subject to the exclusive jurisdiction of [Court/Authority].
11. Entire Agreement
This Agreement constitutes the entire understanding between the Parties and supersedes all prior discussions or agreements related to joint data processing.
Signatures
Party A Signature: __________________________ Date: _________
Printed Name & Title: _________________________________________
Party B Signature: __________________________ Date: _________
Printed Name & Title: _________________________________________
JOINT CONTROLLER AGREEMENT FAQ
What is a Joint Controller Agreement?
A Joint Controller Agreement is a contract required under GDPR Article 26 when two or more organizations jointly determine the purposes and means of processing personal data. It clarifies each party's responsibilities and ensures accountability.
Why is a Joint Controller Agreement important?
It protects both parties by establishing clear roles, compliance obligations, and liability terms, reducing the risk of regulatory penalties or disputes related to data privacy.
When should you use a Joint Controller Agreement?
Use this agreement when collaborating with another organization to process data, such as in co-marketing, joint product development, or shared service delivery arrangements.
What should a Joint Controller Agreement include?
It should outline the scope of processing, individual and shared responsibilities, data subject rights handling, security measures, liability, and governing law.
Does this agreement satisfy GDPR requirements?
Yes, if properly structured and transparent, it fulfills GDPR Article 26 obligations and demonstrates due diligence to regulators.