Create a bespoke document in minutes, or upload and review your own.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Accountability Agreement
I need an accountability agreement that outlines the responsibilities and expectations between our organization and a partner NGO, focusing on project deliverables, timelines, and reporting mechanisms. The document should include provisions for quarterly reviews, conflict resolution procedures, and a clause for termination with a 30-day notice period.
What is an Accountability Agreement?
An Accountability Agreement sets clear rules and responsibilities between organizations that handle personal data together under Dutch privacy law (AVG/GDPR). It's commonly used when multiple parties need to process data and want to formally establish who's responsible for what.
These agreements spell out which party acts as the main data controller, who needs to respond to privacy requests, how to handle data breaches, and what security measures each organization must take. Dutch regulators expect to see these agreements in place, especially in healthcare, government partnerships, and shared service arrangements where sensitive information flows between different entities.
When should you use an Accountability Agreement?
Companies need an Accountability Agreement when they team up with other organizations to process personal data in the Netherlands. This often comes up in joint ventures, shared IT services, or when working with external HR providers who handle employee information. The agreement becomes essential once multiple parties start accessing or managing the same data sets.
Dutch organizations particularly benefit from these agreements when launching new collaborative projects, merging departments, or outsourcing services that involve personal data. For example, healthcare providers working with external labs, municipalities sharing citizen data with service providers, or educational institutions using third-party learning platforms all need clear accountability structures in place.
What are the different types of Accountability Agreement?
- Basic Two-Party Agreement: Most common type for straightforward data sharing between two Dutch organizations, covering essential GDPR requirements and basic accountability measures
- Multi-Party Framework: Used when three or more organizations share data processing responsibilities, with detailed matrices showing each party's specific duties
- Sector-Specific Agreement: Tailored versions for healthcare, education, or government entities, incorporating industry-specific privacy requirements and Dutch regulatory standards
- Controller-Processor Agreement: Detailed version focusing on relationships where one party clearly controls data while others process it under strict instructions
Who should typically use an Accountability Agreement?
- Data Controllers: Organizations that determine why and how personal data is processed, often large companies or government agencies initiating data sharing projects
- Data Protection Officers: Privacy professionals who review and help implement Accountability Agreements to ensure GDPR compliance
- Legal Teams: In-house or external lawyers who draft and customize these agreements to match specific organizational needs
- IT Managers: Technical leads who implement the security measures and data handling procedures outlined in the agreement
- Compliance Officers: Professionals who monitor adherence to the agreement's terms and report to Dutch data protection authorities
How do you write an Accountability Agreement?
- Data Mapping: Identify all personal data types being shared, who has access, and how it flows between organizations
- Role Definition: Clarify each party's responsibilities as controller or processor under Dutch privacy law
- Security Measures: Document specific technical and organizational safeguards for protecting shared data
- Response Procedures: Establish clear protocols for handling data breaches and privacy requests
- Contact Details: List key personnel responsible for privacy matters at each organization
- Legal Review: Use our platform to generate a compliant agreement that includes all mandatory Dutch GDPR requirements
What should be included in an Accountability Agreement?
- Party Identification: Full legal names and roles (controller/processor) of all participating organizations
- Data Scope: Detailed description of personal data types, processing purposes, and data subject categories
- Security Measures: Specific technical and organizational safeguards meeting Dutch GDPR standards
- Breach Protocol: Clear procedures for notification and handling of data incidents
- Rights Management: Process for handling data subject requests and exercise of privacy rights
- Liability Distribution: Clear allocation of responsibilities and consequences for non-compliance
- Duration Terms: Agreement period, termination conditions, and data handling after expiration
What's the difference between an Accountability Agreement and an Agency Agreement?
An Accountability Agreement differs significantly from an Agency Agreement in how they handle responsibility and data protection under Dutch law. While both documents establish relationships between organizations, their core purposes and legal implications are quite distinct.
- Purpose and Scope: Accountability Agreements focus specifically on GDPR compliance and data protection responsibilities between parties sharing personal data. Agency Agreements, in contrast, establish broader business representation rights and duties.
- Legal Requirements: Accountability Agreements must meet strict Dutch privacy law requirements and include specific data protection clauses. Agency Agreements follow general contract law principles with fewer mandatory elements.
- Agency Agreement: Primarily deals with one party acting on behalf of another in business matters, while Accountability Agreements focus exclusively on data processing responsibilities and privacy compliance.
- Enforcement Context: Accountability Agreements are overseen by data protection authorities and carry specific GDPR-related penalties. Agency Agreements are enforced through standard contract law mechanisms.
Download our whitepaper on the future of AI in Legal
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.