Data Sharing Agreement (UK)
This Data Sharing Agreement is designed for use in situations where two data controllers wish to share personal data.
This document has been updated for compatibility with the UK GDPR. It is ready for use from the start of 2021.
The sharing is envisaged to be one-way; however, unlike a data processing agreement, the recipient of the data is a data controller and is not acting under the instructions of, or on behalf of, the disclosing party.
Please note that this document is not suitable if one party is to process personal data on behalf of another. A data processing agreement is required for such situations.
This document is designed for use between two UK-based data controllers. The applicable data protection legislation is defined as the Data Protection Act 2018 and the UK GDPR (the EU GDPR retained in UK law, with some amendments, by the European Union (Withdrawal) Act 2018).
Under this Data Sharing Agreement, while the “receiving party” is not instructed by the “disclosing party”, the purposes for which the shared personal data should nevertheless be tightly defined so as to ensure that excessive personal data is not shared, and that that which is shared is used appropriately. Both parties should be very clear on the reasons for the personal data sharing, and what it is expected to achieve. This should be negotiated and agreed prior to signing, then reviewed regularly one the agreement comes into force. The personal data to be shared should also be defined in detail using the schedule provided.
This agreement sets out the respective obligations of the parties, addressing key areas including compliance with the data protection legislation, the fair and lawful processing of personal data, the rights of data subjects, data retention and erasure, the transfer of the shared personal data, the all-important requirement to implement “appropriate technical and organisational measures” to protect the data, and the handling of personal data breaches.
Optional phrases / clauses are enclosed in square brackets. These should be read carefully and selected so as to be compatible with one another. Unused options should be removed from the document.
This Data Sharing Agreement contains the following clauses:
1. Definitions and Interpretation
2. Stated Purposes
3. Data Protection Compliance
4. The Shared Personal Data
5. Shared Personal Data – Fair and Lawful Processing
6. The Rights of Data Subjects
7. Data Retention and Deletion and/or Disposal
8. Shared Personal Data Transfers
9. Shared Personal Data Security
11. Personal Data Breaches
12. Term, Review, and Termination
13. Resolution of Disputes with Data Subjects or the Supervisory Authority
16. Limitation of Liability
17. No Partnership or Agency
18. Non-Assignment of Agreement
19. Entire Agreement
21. No Waiver
24. Third Party Rights
26. Law and Jurisdiction
and the following schedules:
1. Shared Personal Data and Stated Purposes
2. Technical and Organisational Data Protection Measures
This Data Sharing Agreement is in open format. Either enter the requisite details in the highlighted fields or adjust the wording to suit your purposes.
Once you have purchased access to the appropriate document folder click on the “Download Document” link below. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing.