tiktok³ÉÈË°æ

All Countries
Compliance
Controller To Controller Agreement GDPR

Controller To Controller Agreement GDPR Template for Netherlands

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Controller To Controller Agreement GDPR

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Controller To Controller Agreement GDPR

"I need a Controller to Controller Agreement GDPR for my Dutch fintech company to share customer financial data with a German credit rating agency, including cross-border transfer provisions and specific security measures for financial data, to be implemented by March 2025."

Celebrated by
Collaborations with
Investors
Document background
The Controller to Controller Agreement GDPR is essential when two organizations, acting as independent data controllers, need to share personal data while maintaining GDPR compliance. This agreement is particularly relevant under Dutch jurisdiction and EU data protection law when both parties determine their own purposes and means of processing personal data. It should be used whenever there is systematic sharing of personal data between independent controllers, whether for business partnerships, service delivery, or collaborative projects. The agreement ensures clear allocation of responsibilities, establishes procedures for maintaining data subject rights, and includes necessary safeguards for data protection. It is designed to meet requirements of both the GDPR and Dutch national data protection laws, providing a robust framework for lawful data sharing activities.
Suggested Sections

1. Parties: Identification of the two data controllers entering into the agreement, including full legal names, registration details, and addresses

2. Background: Context of the agreement, description of data sharing relationship, and purpose of the arrangement between the controllers

3. Definitions: Definitions of key terms used in the agreement, including GDPR-specific terminology and agreement-specific definitions

4. Scope and Purpose: Detailed description of the personal data sharing activities, purposes of processing, and categories of data subjects

5. Roles and Responsibilities: Clear delineation of each controller's roles, responsibilities, and obligations under GDPR

6. Lawful Basis for Processing: Specification of the legal bases relied upon by each controller for processing personal data

7. Data Protection Principles: Commitment to GDPR principles and how they will be upheld by both parties

8. Data Subject Rights: Procedures for handling data subject requests and cooperation between controllers

9. Security Measures: Technical and organizational measures required for data protection and security

10. Data Breach Notification: Procedures for notifying each other and authorities of personal data breaches

11. Confidentiality: Obligations regarding confidentiality of shared personal data

12. Term and Termination: Duration of the agreement and conditions for termination

13. Governing Law and Jurisdiction: Specification of Dutch law as governing law and jurisdiction for disputes

14. General Provisions: Standard contractual provisions including amendments, severability, and entire agreement

Optional Sections

1. International Data Transfers: Required when personal data will be transferred outside the EEA, including transfer mechanisms and safeguards

2. Industry-Specific Requirements: Additional provisions for specific sectors (e.g., healthcare, financial services) with special data protection requirements

3. Joint Processing Activities: Required when certain processing activities are conducted jointly by both controllers

4. Audit Rights: Provisions for mutual auditing of data protection compliance, if agreed between parties

5. Insurance and Liability: Specific provisions on insurance requirements and liability allocation beyond standard provisions

6. Data Protection Impact Assessments: Procedures for conducting DPIAs when required and cooperation between parties

7. Sub-processing: Rules regarding the appointment of processors by either controller, if relevant

Suggested Schedules

1. Schedule 1 - Categories of Personal Data: Detailed list of personal data categories being shared, including special categories if applicable

2. Schedule 2 - Processing Activities: Detailed description of processing activities, purposes, and data flows between controllers

3. Schedule 3 - Technical and Organizational Measures: Specific security measures and controls implemented by each party

4. Schedule 4 - Contact Points: List of key contacts for operational matters, data protection officers, and emergency situations

5. Schedule 5 - Data Subject Rights Procedure: Detailed procedures for handling data subject requests and cooperation between parties

6. Appendix A - Standard Contractual Clauses: If applicable for international transfers, including approved SCCs

7. Appendix B - Data Protection Impact Assessment: Summary or full DPIA if conducted for the shared processing activities

Authors

Alex Denne

Head of Growth (Open Source Law) @ tiktok³ÉÈË°æ | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

alex.den.21@genieai.co
Relevant legal definitions







































Clauses






























Relevant Industries

Financial Services

Healthcare

Technology

E-commerce

Insurance

Education

Professional Services

Telecommunications

Retail

Marketing and Advertising

Research and Development

Transportation and Logistics

Real Estate

Human Resources Services

Relevant Teams

Legal

Compliance

Data Protection

Information Security

Risk Management

Information Technology

Privacy

Regulatory Affairs

Corporate Governance

Operations

Relevant Roles

Data Protection Officer

Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

Risk Manager

Privacy Manager

Chief Privacy Officer

General Counsel

IT Security Manager

Data Protection Manager

Compliance Officer

Chief Legal Officer

Chief Information Security Officer

Privacy Analyst

Data Protection Specialist

Industries






Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Data Processing Agreement

Dutch law-governed Joint Controller Data Processing Agreement establishing GDPR-compliant framework for shared data processing responsibilities.

find out more

Controller To Controller Agreement GDPR

A Dutch law-governed agreement establishing GDPR-compliant data sharing arrangements between two independent data controllers.

find out more

Dpa Data Privacy Agreement

Dutch law-governed Data Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.

find out more

Commissioned Data Processing Agreement

Dutch law-governed Data Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.

find out more

Supplier Data Processing Agreement

A Dutch law-governed data processing agreement establishing GDPR-compliant terms between a company and its supplier for personal data processing activities.

find out more

Data Privacy Addendum

A Dutch law-governed Data Privacy Addendum establishing GDPR-compliant terms for personal data processing between controllers and processors.

find out more

Non Disclosure Agreement Data Protection

Dutch law-governed NDA with enhanced data protection provisions compliant with GDPR and local privacy regulations.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: /our-research
Oops! Something went wrong while submitting the form.

³Ò±ð²Ô¾±±ð’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; ³Ò±ð²Ô¾±±ð’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our for more details and real-time security updates.

Read our Privacy Policy.