This document is essential when two or more organizations act as joint controllers in processing personal information under Canadian privacy law. A Joint Controller Data Sharing Agreement becomes necessary when organizations share decision-making authority over the purposes and means of data processing, requiring clear delineation of responsibilities and compliance obligations. It addresses requirements under PIPEDA and provincial privacy laws, establishing protocols for data security, breach notification, and individual rights management. This agreement is particularly crucial in complex data sharing arrangements where multiple parties have equal standing in determining how personal information is handled, such as research partnerships, shared services arrangements, or joint ventures. The agreement helps organizations demonstrate accountability and compliance with Canadian privacy principles while providing a clear framework for cooperation and risk management.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
1. Parties: Identification of the joint controllers entering into the agreement
2. Background: Context of the data sharing arrangement and relationship between the parties
3. Definitions: Definitions of key terms used throughout the agreement, including relevant terms from PIPEDA and applicable privacy laws
4. Scope and Purpose: Definition of the specific purposes for data sharing and the scope of joint processing activities
5. Roles and Responsibilities: Detailed breakdown of each controller's obligations and responsibilities in the joint arrangement
6. Legal Basis for Processing: Identification of the legal grounds for processing personal information under Canadian privacy laws
7. Data Protection Principles: Commitment to and implementation of fundamental data protection principles under Canadian law
8. Security Measures: Technical and organizational measures required to protect personal information
9. Data Breach Notification: Procedures for handling and reporting privacy breaches between parties and to authorities
10. Individual Rights: Procedures for handling data subject requests and ensuring compliance with individual rights
11. Term and Termination: Duration of the agreement and conditions for termination
12. Liability and Indemnification: Allocation of liability between joint controllers and indemnification provisions
13. Governing Law and Jurisdiction: Specification of Canadian law as governing law and jurisdiction for disputes
1. Cross-border Data Transfers: Required when personal information will be transferred outside of Canada
2. Sector-Specific Requirements: Include when dealing with regulated sectors such as healthcare or financial services
3. Audit Rights: Optional provisions for mutual audit rights between controllers
4. Insurance Requirements: Specific insurance obligations for high-risk processing activities
5. Data Retention and Disposal: Specific requirements for retention periods and secure disposal methods
6. Subprocessing: Required when either controller may engage subprocessors
7. Force Majeure: Optional provisions for handling circumstances beyond parties' control
1. Schedule A - Categories of Personal Information: Detailed list of personal information types being shared
2. Schedule B - Technical and Security Requirements: Specific security measures and technical requirements for data sharing
3. Schedule C - Data Processing Activities: Detailed description of processing activities carried out by each controller
4. Schedule D - Contact Points and Escalation Procedures: Key contacts and procedures for operational and emergency situations
5. Schedule E - Privacy Impact Assessment: Summary of privacy impact assessment findings and mitigation measures
6. Appendix 1 - Standard Operating Procedures: Detailed procedures for day-to-day operations and data handling
7. Appendix 2 - Breach Response Plan: Detailed procedures for responding to and managing data breaches
Find the exact document you need
Data Privacy Agreement
A Canadian-law governed agreement establishing terms for personal data handling and privacy compliance under PIPEDA and provincial privacy laws.
Download
Joint Controller Data Processing Agreement
A Canadian-law governed agreement establishing roles and responsibilities between joint controllers for personal information processing under PIPEDA and provincial privacy laws.
Download
DPA Data Protection Agreement
A Canadian Data Protection Agreement governing the processing of personal information under federal and provincial privacy laws, establishing data handling requirements between organizations.
Download
Joint Controller Data Sharing Agreement
A Canadian law-compliant agreement establishing shared responsibilities between joint controllers for personal data processing and protection.
Download
Data Protection Addendum
A Canadian-law governed Data Protection Addendum that establishes privacy compliance requirements between parties processing personal information under PIPEDA and provincial privacy laws.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)