Search Sign in Create document
Templates

Data Sharing Agreement Template

A data sharing agreement is a contract that should be put in place where personal data is shared between two parties, and those parties are both controllers of the personal data. Read more
Legislation GB-EAW
Topics
Confidentiality, privacy, & intellectual property
Updated by a lawyer: 11 Oct 2024

What is this data sharing agreement template?

The basics: A data sharing agreement is a contract between two parties that governs the sharing of personal data between those two parties. The agreement will cover what personal data will be shared, how it will be used and for what purpose, who will have access to it, and how it will be protected.

Controller to controller: This data sharing agreement template covers the sharing of personal data between two parties when they are both acting as independent controllers. An independent controller is a person or organisation that determines the purposes and means of processing personal data (a processor, on the other hand, is a person or organisation that processes personal data on behalf of an independent controller). If you are sharing data between a controller and a processor, please use our data processing agreement instead. Find out more about data processing agreements here

How can I benefit from using this data sharing agreement template?

Protect your business and relationships: Putting in place a data sharing agreement can bring a number of clear benefits to your business:

  1. Clear terms: A data sharing agreement can help clarify the terms and conditions that relate to data sharing between organisations, reducing the risk of misunderstandings or disputes in the future.
  2. Be compliant: A data sharing agreement can help ensure compliance with data protection laws, reducing the risk of legal claims, ICO investigations or reputational damage.
  3. Protect the personal data: A data sharing agreement can help protect the data being shared by including clear provisions relating to data protection, confidentiality, and security measures to prevent unauthorised access or use of the data.
  4. Enhance collaboration: A data sharing agreement can facilitate collaboration between parties, enabling them to work together more effectively and efficiently.

What do I need to know about the ICO data sharing code of practice?

Statutory code: The ICO (Information Commissioner's Office) data sharing code of practice is a statutory code of practice (made under section 121 of the Data Protection Act 2018) that provides guidance to organisations on when and how to share personal data between them. It aims to ensure that data sharing is only taking place when necessary, and where it is carried out that it is done so in compliance with data protection laws.

Key aspects: The code sets out principles that should be adhered to when sharing personal data with another organisation, as well as details about what a data sharing agreement should include. Some of the areas covered by the code are:

  • How to consider the benefits and risks of sharing and not sharing personal data - any sharing of personal data must be reasonable and proportionate and individuals must know what is happening to their data and why;
  • How the data protection principles can be applied to data sharing - the code states that the “importance of accountability cannot be overstated”, so each organisation has consideration to its own compliance with data protection principles when sharing personal data;
  • How to ensure the data sharing is done in a fair and transparent manner - ethical factors should be taken into consideration when deciding whether to share personal data including considering “whether it is right to share it”; and
  • What to include in a data sharing agreement - it is best practice (and mandatory in some cases) to have a data sharing agreement in place. The ICO will take into account the existence of any relevant data sharing agreement when assessing any complaint received by data subjects.

What does a data sharing agreement need to include?

Data sharing particulars: The ICO data sharing code of practice states that details of the data sharing initiative should be included in a data sharing agreement. This should include:

  • the purpose of the data sharing, including the specific aims you have, why the data sharing is necessary to achieve those aims and the benefits you hope to bring to individuals or to society more widely;
  • the types of data you are intending to share;
  • your lawful basis for sharing data - the lawful basis for one organisation in a data sharing arrangement might not be the same as that for the other one; and
  • if the data you are sharing contains special category data or criminal offence data under the UK GDPR, or there is sensitive processing within the meaning of Part 3 of the DPA 2018, you must document the relevant conditions for processing as well (i.e. the additional lawful bases for processing these types of data).

Other key content: Docue’s dynamic data sharing agreement template also includes the option to include information about the following topics:

  • Single point of contact - a contact at each organisation who is responsible for the data sharing initiative. This is recommended by the ICO code;
  • Security measures - jointly agreed security standards and measures to protect the shared personal data;
  • Agreed ways of working - such as implementing staff training and regularly reviewing the data sharing initiative;
  • Breach reporting - agreed timeframes for reporting breaches relating to the shared personal data;
  • Data subject requests - a clear process for dealing with data subject requests that relate to the shared personal data;
  • Liability - optional clauses to cap liability for breach of the data sharing agreement; and
  • Indemnity - an optional contractual promise to pay where there are losses arising from a breach of the agreement by the other party.

Why Docue?

Created by lawyers: This data sharing agreement template has been drafted by, and is maintained by, expert privacy lawyers. Our lawyer-crafted guidelines provide you with the support you need to be correctly guided through every stage of the drafting process.

Manage your contracts: Our cutting-edge technology combined with our lawyer-made document content allows you to create, customise, e-sign, store and manage your contracts all in one place with just a few clicks. Signatures can be collected electronically, and all contracts you make are saved in your company's own secure account, Docue Drive.

Tags: data sharing agreement, data sharing agreement template, ICO data sharing code, independent controllers, controller to controller, UK GDPR. data protection compliance

Related legal templates

Data Processing Agreement Data Protection Policy Privacy Notice (Website)

Related articles

Checklist: what to include in your website privacy notice to comply with the UK GDPR Data Protection Policy UK: Everything you need to know Due diligence for controllers: What you need to do when appointing a processor (including tips for your data protection agreement) Everything you need to know about data processing agreements, including the key clauses to include Protecting your business: a guide to compliant data protection documents (Incl. lawyer-drafted templates)
Legislation GB-EAW
Topics
Confidentiality, privacy, & intellectual property
Updated by a lawyer: 11 Oct 2024

Docue gives you access to 150+ high-quality legal templates drafted and maintained by UK lawyers. Trusted by 100,000+ companies.

"We needed an instant fix for writing contracts and looked around at alternatives, but Docue was superior. Easy to engage with and a wide range of templates."

Darrell Arnold

Founder & CEO, Servicedek

"Docue gave us professional contracts that we know are legally written, and cover us in a way that's easy for a non-expert to understand."

Andrew Cowen

Chief Commercial Officer, Komerz

News

Go to news

Docue’s Vision in Action: Introducing the New Dashboard to Simplify Your Legal Workflow

At Docue, we believe handling legal documents should be straightforward and stress-free. That’s why we’ve designed our platform to integrate top-tier legal expertise with simple, intuitive contract lifecycle management (CLM) tools. This vision has led to our latest update, the Docue Dashboard, built entirely around the needs of our users.

Ashleigh Evans

8.11.2024

Webinar Recap: Navigating SaaS Contracts and IP Protection - Essential Tips for Tech Entrepreneurs

In September, we hosted a highly insightful webinar titled "Navigating SaaS Contracts and IP Protection: Essential Tips for Tech Entrepreneurs." Led by our legal experts, Ashleigh Evans (Legal Counsel at Docue UK) and Heather Stark (Head of Legal at Docue UK), the session provided invaluable guidance on crucial legal aspects of SaaS agreements and intellectual property protection.

Heather Stark

23.10.2024

Navigating the Online Safety Act: what businesses need to know

For businesses operating in the digital space, staying ahead of legislative changes is critical. The new Online Safety Act (“the Act”), a landmark piece of legislation, is set to transform how businesses manage online content and user safety. Designed to create a safer online environment, this Act imposes new responsibilities on businesses that operate online platforms, services and applications. In this blog, we'll break down the key elements of the Online Safety Act, explore its implications for digital businesses and provide guidance on how you can prepare for compliance.

Heather Stark

16.9.2024