The Controller to Controller Agreement is essential when two organizations, acting as independent data controllers, need to share personal data while maintaining GDPR compliance. This agreement is particularly relevant under Dutch law, where both the EU GDPR and the Dutch Implementation Act (UAVG) apply. It should be used whenever organizations plan to exchange personal data for specific purposes while each maintaining separate control over their processing activities. The document addresses key compliance requirements including data protection principles, security measures, breach notification procedures, and data subject rights. It's designed to provide a clear framework for data sharing activities while ensuring each controller understands and can meet their respective obligations under Dutch and EU data protection law.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train 蜜桃传媒's AI
You keep IP ownership聽of your docs
Alternatively...
1. Parties: Identification of the two data controllers entering into the agreement, including full legal names, registration numbers, and registered addresses
2. Background: Context of the data sharing arrangement, purpose of the agreement, and the relationship between the parties
3. Definitions: Definitions of key terms used in the agreement, including GDPR-specific terminology
4. Purpose and Scope: Detailed description of the data sharing purpose, categories of data subjects and personal data involved
5. Roles and Responsibilities: Clear delineation of each controller's obligations and responsibilities in the data sharing arrangement
6. Legal Basis for Processing: Specification of the legal grounds under GDPR Article 6 for the data processing activities
7. Data Protection Principles: Commitment to GDPR principles including lawfulness, fairness, transparency, purpose limitation, and data minimization
8. Security Measures: Required technical and organizational measures to ensure appropriate security of shared personal data
9. Data Subject Rights: Procedures for handling data subject requests and ensuring data subject rights are respected
10. Personal Data Breaches: Notification requirements and procedures in case of data breaches
11. Confidentiality: Obligations regarding confidentiality of shared personal data
12. Term and Termination: Duration of the agreement and conditions for termination
13. Governing Law and Jurisdiction: Specification of Dutch law as governing law and jurisdiction for disputes
1. International Transfers: Required when personal data will be transferred outside the EEA, including appropriate safeguards and SCCs
2. Joint Processing Activities: Needed when certain processing activities are conducted jointly by both controllers
3. Audit Rights: Optional section granting mutual rights to audit compliance with the agreement
4. Insurance: Requirements for maintaining specific insurance coverage for data protection liabilities
5. Sub-processing: Rules regarding the appointment of processors by either controller
6. Costs and Fees: Required when there are financial arrangements related to the data sharing
7. Force Majeure: Optional provisions for handling circumstances beyond parties' control
8. Assignment and Subcontracting: Rules about transferring rights under the agreement or subcontracting obligations
1. Schedule 1 - Categories of Personal Data: Detailed list of personal data categories being shared between the controllers
2. Schedule 2 - Technical and Organizational Measures: Specific security measures implemented by both parties
3. Schedule 3 - Transfer Mechanisms: Details of transfer mechanisms used for international data transfers if applicable
4. Schedule 4 - Contact Points: List of key contacts for operational, technical, and data protection matters
5. Schedule 5 - Processing Activities: Detailed description of processing activities carried out by each controller
6. Appendix A - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches
7. Appendix B - Standard Forms: Templates for regular communications, reports, or notices between parties
Authors
Find the document you need
International Data Transfer Addendum
Dutch law-governed International Data Transfer Addendum for GDPR-compliant personal data transfers from the Netherlands/EU to non-EEA countries.
Download
Intra Group Data Processing Agreement
Dutch law-governed data processing agreement for intra-group personal data transfers and processing, ensuring GDPR compliance within corporate groups.
Download
Data Processing Contract
Dutch law-governed Data Processing Contract establishing GDPR-compliant terms between controller and processor.
Download
Controller To Controller Agreement
A Dutch law-governed agreement between two data controllers establishing terms for compliant personal data sharing under GDPR and UAVG.
Download
Joint Controller Agreement
A Dutch law-governed agreement establishing responsibilities and obligations between joint controllers under GDPR and UAVG for shared data processing activities.
Download
Data Processing Addendum
A Dutch law-governed agreement establishing GDPR-compliant terms for personal data processing between a controller and processor.
Download
Controller Processor Agreement
A Dutch law-governed agreement establishing GDPR-compliant terms for personal data processing between controller and processor.
Download
骋别苍颈别鈥檚 Security Promise
蜜桃传媒 is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your data is private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on 蜜桃传媒 is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
