Create a bespoke document in minutes, or upload and review your own.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Data Sharing Agreement
I need a data sharing agreement that outlines the terms and conditions for sharing anonymized customer data between our company and a third-party analytics provider, ensuring compliance with Singapore's Personal Data Protection Act (PDPA) and specifying data security measures, duration of data use, and rights to terminate the agreement.
What is a Data Sharing Agreement?
A Data Sharing Agreement sets out the rules and responsibilities when organizations share personal or confidential data with each other. Under Singapore's Personal Data Protection Act (PDPA), these agreements help ensure both parties handle sensitive information properly and meet their legal obligations.
The agreement typically covers key details like what data will be shared, how it can be used, security measures required, and what happens if there's a data breach. It's particularly important for businesses working with healthcare records, financial information, or when sharing customer databases with service providers - helping protect both the organizations involved and the individuals whose data is being shared.
When should you use a Data Sharing Agreement?
Your organization needs a Data Sharing Agreement anytime you plan to exchange sensitive information with another party. This includes sharing customer databases with marketing partners, patient records between healthcare providers, or financial data with service vendors. Under Singapore's PDPA, these agreements become essential when handling personal data across organizational boundaries.
Use these agreements before starting any data transfers - especially for ongoing partnerships, joint research projects, or outsourcing arrangements. They're particularly crucial when sharing data with overseas partners, as Singapore's cross-border data transfer rules require documented safeguards. Having this agreement in place helps prevent costly data breaches and ensures compliance with privacy laws.
What are the different types of Data Sharing Agreement?
- Non Disclosure Agreement For Data Sharing: Focuses specifically on confidentiality obligations when sharing sensitive data, commonly used for initial business discussions or vendor evaluations.
- Intercompany Data Sharing Agreement: Designed for data exchanges between related companies or subsidiaries, addressing unique corporate group compliance requirements.
- Data Disclosure Agreement: Suitable for one-time or limited data transfers, with detailed terms about specific information being disclosed.
- Data Release Agreement: Used when permanently transferring data ownership or rights, often in research, acquisitions, or project handovers.
Who should typically use a Data Sharing Agreement?
- Data Controllers: Organizations that own and determine how personal data is used, including government agencies, hospitals, and financial institutions - responsible for initiating and maintaining compliance.
- Data Processors: Third-party service providers, cloud storage companies, or analytics firms that handle data on behalf of controllers under Singapore's PDPA guidelines.
- Legal Teams: In-house counsel or external lawyers who draft and review agreements to ensure compliance with Singapore's data protection laws.
- IT Departments: Technical teams responsible for implementing security measures and data handling protocols specified in the agreements.
- Compliance Officers: Professionals who monitor adherence to agreement terms and maintain records for regulatory requirements.
How do you write a Data Sharing Agreement?
- Identify Data Types: List all categories of data to be shared, including personal data, business information, or technical specifications.
- Map Data Flow: Document how data will move between parties, who can access it, and for what purposes.
- Security Requirements: Detail specific safeguards needed to comply with Singapore's PDPA, including encryption standards and access controls.
- Duration Planning: Determine how long data sharing will continue and what happens to shared data when the agreement ends.
- Compliance Check: Review Singapore's cross-border data transfer requirements if international sharing is involved.
- Emergency Procedures: Outline steps for handling data breaches and security incidents.
What should be included in a Data Sharing Agreement?
- Parties and Purpose: Clear identification of all parties and detailed description of data sharing objectives.
- Data Scope: Specific categories of data being shared, including personal data classifications under PDPA.
- Security Measures: Required safeguards, access controls, and data protection standards.
- Usage Rights: Permitted uses, restrictions, and limitations on data processing.
- Breach Protocol: Mandatory notification procedures and incident response requirements.
- Transfer Terms: Cross-border data transfer provisions compliant with Singapore regulations.
- Termination Clauses: Data deletion or return procedures upon agreement completion.
- Governing Law: Singapore law jurisdiction and PDPA compliance statement.
What's the difference between a Data Sharing Agreement and a Data Processing Agreement?
A Data Sharing Agreement differs significantly from a Data Processing Agreement, though they're often confused. While both deal with data handling, their core purposes and legal implications under Singapore's PDPA are distinct.
- Primary Purpose: Data Sharing Agreements focus on the exchange of data between independent parties who both act as data controllers, while Data Processing Agreements govern how a processor handles data on behalf of a controller.
- Control and Responsibility: In sharing agreements, both parties maintain control over their respective use of the data. Processing agreements establish a hierarchical relationship where the processor must follow the controller's instructions.
- Legal Obligations: Sharing agreements emphasize mutual responsibilities and joint compliance, while processing agreements place specific PDPA obligations on the processor to protect the controller's data.
- Scope of Use: Sharing agreements allow both parties to use data for their own purposes within agreed limits. Processing agreements restrict the processor to only handling data as specifically authorized.
Download our whitepaper on the future of AI in Legal
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.