¶¶Òõ¶ÌÊÓƵ

All Countries
Compliance
Controller To Controller Agreement GDPR

Controller To Controller Agreement GDPR Template for Germany

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Controller To Controller Agreement GDPR

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Controller To Controller Agreement GDPR

"I need a Controller to Controller Agreement GDPR for data sharing between our German healthcare technology company and a UK-based research institution, with specific provisions for handling sensitive medical data and cross-border transfers starting March 2025."

Celebrated by
Collaborations with
Investors
Document background
The Controller To Controller Agreement GDPR is essential when two organizations, acting as independent data controllers, need to share personal data while ensuring compliance with both EU GDPR and German data protection laws. This agreement becomes necessary when organizations need to exchange personal data for business purposes, joint ventures, service delivery, or other collaborative activities. It provides a comprehensive framework covering data protection responsibilities, security measures, breach notifications, and data subject rights handling. The agreement must comply with German federal and state data protection laws while adhering to GDPR principles. It's particularly crucial for organizations operating in Germany or processing German residents' data, as it incorporates specific national requirements alongside EU-wide obligations.
Suggested Sections

1. Parties: Identification of the data controllers entering into the agreement, including their registered addresses and company details

2. Background: Context of the data sharing arrangement, purpose of the agreement, and relationship between the parties

3. Definitions: Definitions of key terms used in the agreement, including GDPR-specific terminology

4. Purpose and Scope: Detailed description of the purpose of data sharing and the categories of personal data involved

5. Roles and Responsibilities: Clear delineation of each controller's role and responsibilities in the data sharing arrangement

6. Legal Basis for Processing: Specification of the legal grounds under GDPR for the data processing and sharing activities

7. Data Subject Rights: Procedures for handling data subject requests and ensuring compliance with GDPR rights

8. Security Measures: Required technical and organizational measures for data protection

9. Data Breach Notification: Procedures and timelines for notifying each other and authorities of data breaches

10. Confidentiality: Obligations regarding confidentiality of shared personal data

11. Term and Termination: Duration of the agreement and conditions for termination

12. Liability and Indemnification: Allocation of liability and indemnification obligations between the parties

13. Governing Law and Jurisdiction: Specification of German law as governing law and jurisdiction for disputes

Optional Sections

1. International Data Transfers: Required when personal data may be transferred outside the EEA, including safeguards and transfer mechanisms

2. Sub-processing: Include when either controller may engage sub-processors for the shared data

3. Audit Rights: Optional provisions for mutual auditing rights to ensure compliance

4. Insurance Requirements: Specific insurance obligations for data protection risks

5. Data Protection Impact Assessment: Include when high-risk processing requires coordinated impact assessments

6. Joint Controller Provisions: Required if any aspects of the processing involve joint controller responsibilities

7. Costs and Fees: Include when there are specific cost allocations for the data sharing arrangement

Suggested Schedules

1. Schedule 1 - Categories of Personal Data: Detailed list of personal data categories being shared

2. Schedule 2 - Processing Activities: Specific details of how each controller will process the shared data

3. Schedule 3 - Technical and Organizational Measures: Detailed security measures implemented by each controller

4. Schedule 4 - Contact Points: List of key contacts for operational matters, data breaches, and data subject requests

5. Schedule 5 - Data Transfer Procedures: Technical specifications for how data will be transferred between controllers

6. Appendix A - Standard Forms: Template forms for data breach notifications, data subject requests, and other standard communications

7. Appendix B - Sub-processor List: If applicable, current list of approved sub-processors

Authors

Alex Denne

Head of Growth (Open Source Law) @ ¶¶Òõ¶ÌÊÓƵ | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

alex.den.21@genieai.co
Relevant legal definitions










































Clauses






























Relevant Industries

Financial Services

Healthcare

Technology

E-commerce

Insurance

Telecommunications

Professional Services

Education

Manufacturing

Retail

Marketing and Advertising

Research and Development

Transportation and Logistics

Relevant Teams

Legal

Compliance

Data Protection

Information Security

Risk Management

Operations

Information Technology

Privacy

Corporate Governance

Business Development

Procurement

Relevant Roles

Data Protection Officer

Chief Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

Risk Manager

Chief Information Security Officer

Privacy Manager

Contract Manager

Business Development Manager

Operations Director

Chief Technology Officer

Chief Legal Officer

Data Protection Specialist

Compliance Officer

Industries







Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Intra Group Agreement Data Protection

German law-governed data protection agreement regulating personal data processing between group companies, ensuring GDPR and BDSG compliance.

find out more

Data Privacy Agreement

A German law-governed agreement establishing terms for personal data processing between controller and processor, ensuring GDPR and BDSG compliance.

find out more

Joint Controller Data Processing Agreement

German law-governed agreement establishing responsibilities between joint controllers under GDPR Article 26 and BDSG requirements.

find out more

Controller To Controller Agreement GDPR

A German law-governed agreement establishing data sharing terms between two controllers under GDPR compliance requirements.

find out more

Data Controller DPA

German law-governed Data Processing Agreement establishing terms for personal data processing under GDPR and BDSG requirements.

find out more

Proprietary Data Protection Agreement

A German law-governed agreement for protecting proprietary data and ensuring compliance with GDPR, BDSG, and German Trade Secrets Act requirements.

find out more

Master Data Protection Agreement

A German law-governed data processing agreement establishing GDPR and BDSG-compliant terms between data controller and processor.

find out more

Commissioned Data Processing Agreement

A German law-governed agreement between a data controller and processor establishing terms for GDPR-compliant personal data processing.

find out more

Supplier Data Processing Agreement

A German law-governed data processing agreement between controller and processor, ensuring GDPR and BDSG compliance for supplier relationships involving personal data processing.

find out more

Data Protection Agreement For Employees

A German law-governed agreement establishing data protection rules between employer and employee under GDPR and BDSG requirements.

find out more

Data Privacy Addendum

A German law-governed addendum establishing data protection obligations and responsibilities under GDPR and BDSG requirements.

find out more

Non Disclosure Agreement Data Protection

German-law governed NDA incorporating GDPR and BDSG data protection requirements for protecting both confidential information and personal data.

find out more

Data Protection Addendum

A German law-governed agreement establishing data processing terms between controllers and processors, ensuring compliance with GDPR and German data protection requirements.

find out more

Confidentiality Agreement Data Protection

German law-governed Confidentiality Agreement with integrated GDPR and data protection provisions for secure handling of confidential information and personal data.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: /our-research
Oops! Something went wrong while submitting the form.

³Ò±ð²Ô¾±±ð’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; ³Ò±ð²Ô¾±±ð’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our for more details and real-time security updates.

Read our Privacy Policy.