The Data Controller to Data Controller Agreement is essential when two organizations need to share personal data while maintaining independent control over their respective data processing activities. This agreement is particularly crucial in the Indian legal context, where data protection requirements are governed by the Information Technology Act 2000 and its associated rules, with additional compliance considerations for the upcoming Digital Personal Data Protection Act 2023. The document addresses key aspects including data sharing protocols, security measures, breach notifications, and liability allocation between controllers. It is specifically designed for situations where both parties act as data controllers and have equal responsibility for data protection compliance. The agreement includes provisions for maintaining data security, ensuring transparency, and protecting data subject rights while facilitating necessary business operations and data sharing between the parties.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train 蜜桃传媒's AI
You keep IP ownership聽of your docs
Alternatively...
1. Parties: Identification of the data controllers entering into the agreement, including their registered addresses and company details
2. Background: Context of the data sharing relationship and purpose of the agreement
3. Definitions: Detailed definitions of key terms used in the agreement, including technical terms and those defined under Indian law
4. Scope and Purpose: Detailed description of the data sharing arrangement and legitimate purposes for data processing
5. Roles and Responsibilities: Specific obligations of each controller regarding data collection, processing, and sharing
6. Legal Basis for Processing: Establishment of legal grounds for data processing and sharing under Indian law
7. Data Protection Compliance: Commitments to comply with Indian data protection laws and implementation of required safeguards
8. Security Measures: Technical and organizational security measures required for data protection
9. Data Breach Notification: Procedures for handling and notifying data breaches
10. Data Subject Rights: Procedures for handling data subject requests and ensuring their rights
11. Confidentiality: Obligations regarding confidentiality of shared data
12. Liability and Indemnification: Allocation of liability and indemnification obligations between controllers
13. Term and Termination: Duration of the agreement and conditions for termination
14. Post-Termination Obligations: Obligations regarding data handling after agreement termination
15. Governing Law and Jurisdiction: Specification of Indian law as governing law and jurisdiction for disputes
1. Cross-Border Data Transfers: Required if data will be transferred outside India, specifying compliance with data localization requirements
2. Audit Rights: Optional section for mutual audit rights to ensure compliance
3. Insurance: Requirements for insurance coverage, if needed for high-risk data processing
4. Force Majeure: Provisions for unforeseen circumstances affecting data processing operations
5. Sub-processing: Terms for engaging sub-processors, if allowed
6. Dispute Resolution: Alternative dispute resolution mechanisms like arbitration or mediation
7. Data Localization Compliance: Specific provisions for compliance with RBI or other sectoral data localization requirements
1. Schedule 1 - Categories of Data: Detailed list of personal data categories being shared
2. Schedule 2 - Purpose and Legal Basis: Detailed description of processing purposes and legal basis for each data category
3. Schedule 3 - Technical and Organizational Measures: Specific security measures and controls implemented by both parties
4. Schedule 4 - Data Breach Response Plan: Detailed procedures for handling data breaches
5. Schedule 5 - Contact Details: Key contacts for operational, legal, and breach notification purposes
6. Schedule 6 - Processing Activities: Detailed record of processing activities as required by law
7. Appendix A - Data Flow Diagram: Visual representation of data flows between controllers
8. Appendix B - Security Standards Compliance: Documentation of compliance with required security standards
Authors
Find the document you need
Pre Negotiation Agreement
An Indian law-governed agreement establishing confidentiality and framework for business negotiations, with binding and non-binding elements.
Download
Controller To Controller Agreement
An Indian law-governed agreement establishing terms for personal data sharing between independent data controllers, ensuring compliance with DPDP Act 2023.
Download
Joint Controller Data Processing Agreement
An Indian law-compliant agreement establishing roles and responsibilities between joint controllers for personal data processing activities.
Download
Data Addendum
An Indian law-governed document that sets out data processing terms and compliance requirements under Indian data protection legislation.
Download
International Data Protection Agreement
An Indian law-governed agreement regulating international personal data transfers and processing, ensuring compliance with India's data protection regulations.
Download
Intra Group Data Transfer Agreement
A comprehensive agreement governing intra-group data transfers in India, ensuring compliance with Indian data protection laws and establishing data handling protocols between group entities.
Download
Data Controller To Data Controller Agreement
An Indian law-governed agreement establishing terms for personal data sharing between two independent data controllers, ensuring compliance with Indian data protection regulations.
Download
Commissioned Data Processing Agreement
An Indian law-governed agreement establishing terms for commissioned data processing, ensuring compliance with Indian data protection regulations.
Download
Intercompany Data Processing Agreement
An Indian law-governed agreement regulating intra-group personal data processing activities, ensuring compliance with Indian data protection regulations.
Download
DPA Agreement
An Indian law-compliant agreement governing the processing of personal data between a controller and processor, ensuring compliance with the Digital Personal Data Protection Act, 2023.
Download
Data Transfer Addendum
A legal addendum governing data transfers under Indian law, ensuring compliance with the DPDP Act 2023 and establishing data protection requirements between parties.
Download
Personal Data Protection Agreement
Indian law-compliant Personal Data Protection Agreement governing the processing of personal data between parties under DPDP Act 2023.
Download
Data Protection Agreement For Employees
An India-compliant agreement governing the protection and processing of employee personal data under Indian data protection laws.
Download
Affiliate Addendum
An India-compliant addendum governing affiliate marketing relationships, specifying commission structures and regulatory compliance requirements under Indian law.
Download
Data Privacy Addendum
An Indian law-compliant addendum governing personal data processing and protection obligations between contracting parties.
Download
Sub Processing Agreement
An Indian law-compliant agreement governing data handling between a processor and sub-processor, ensuring adherence to Indian data protection regulations.
Download
International Data Transfer Agreement
An Indian law-governed agreement for secure and compliant international transfer of personal data, ensuring adherence to the Digital Personal Data Protection Act, 2023.
Download
Data Protection Addendum
A legal document under Indian law that sets out data protection obligations and requirements between parties handling personal data, ensuring compliance with the DPDP Act 2023.
Download
骋别苍颈别鈥檚 Security Promise
蜜桃传媒 is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your data is private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on 蜜桃传媒 is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
