This Joint Controller Data Processing Agreement is essential when two or more parties jointly determine the purposes and means of processing personal data under Dutch jurisdiction. It's specifically required to comply with Article 26 of the GDPR and Dutch data protection law (UAVG), ensuring proper allocation of responsibilities and transparent communication to data subjects. The agreement should be used when organizations share decision-making authority over data processing activities, such as in joint ventures, shared platforms, or collaborative projects. It includes crucial provisions for privacy compliance, security measures, liability allocation, and operational procedures, while addressing specific Dutch legal requirements and regulatory guidance from the Autoriteit Persoonsgegevens.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
1. Parties: Identification of the joint controllers entering into the agreement
2. Background: Context of the joint processing activities and relationship between the parties
3. Definitions: Definitions of key terms, including those from GDPR and Dutch law
4. Scope and Purpose: Description of joint processing activities and their purposes
5. Roles and Responsibilities: Allocation of responsibilities between joint controllers as required by GDPR Article 26
6. Data Subject Rights: Procedures for handling data subject requests and ensuring GDPR rights
7. Transparency: Requirements for informing data subjects about joint processing arrangements
8. Security Measures: Technical and organizational measures for data protection
9. Data Breach Notification: Procedures for handling and reporting data breaches
10. Liability and Indemnification: Allocation of liability between joint controllers
11. Term and Termination: Duration of agreement and termination provisions
12. Governing Law and Jurisdiction: Confirmation of Dutch law application and jurisdiction
13. General Provisions: Standard contractual clauses including severability, entire agreement, etc.
1. International Data Transfers: Required when personal data is transferred outside the EEA
2. Specific Industry Requirements: Added for regulated industries like healthcare or financial services
3. Sub-processor Management: Include when joint controllers will engage sub-processors
4. Insurance Requirements: Specific insurance obligations for high-risk processing
5. Audit Rights: Detailed audit procedures for complex processing operations
6. Cost Allocation: Required when there are significant shared costs for compliance
7. Data Protection Impact Assessment: Procedures for DPIAs when required by processing activities
1. Schedule 1 - Processing Activities: Detailed description of joint processing activities, categories of data, and purposes
2. Schedule 2 - Technical and Organizational Measures: Detailed security and organizational measures implemented by both parties
3. Schedule 3 - Data Subject Rights Procedure: Detailed procedures for handling data subject requests
4. Schedule 4 - Data Breach Response Plan: Detailed procedures for responding to data breaches
5. Schedule 5 - Contact Points: Key contacts for operational, technical, and legal matters
6. Schedule 6 - Privacy Notice Template: Template for informing data subjects about the joint controller arrangement
7. Schedule 7 - Sub-processors List: Current list of approved sub-processors if applicable
Find the exact document you need
Joint Controller Data Processing Agreement
Dutch law-governed Joint Controller Data Processing Agreement establishing GDPR-compliant framework for shared data processing responsibilities.
Download
Controller To Controller Agreement GDPR
A Dutch law-governed agreement establishing GDPR-compliant data sharing arrangements between two independent data controllers.
Download
Dpa Data Privacy Agreement
Dutch law-governed Data Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.
Download
Commissioned Data Processing Agreement
Dutch law-governed Data Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.
Download
Supplier Data Processing Agreement
A Dutch law-governed data processing agreement establishing GDPR-compliant terms between a company and its supplier for personal data processing activities.
Download
Data Privacy Addendum
A Dutch law-governed Data Privacy Addendum establishing GDPR-compliant terms for personal data processing between controllers and processors.
Download
Non Disclosure Agreement Data Protection
Dutch law-governed NDA with enhanced data protection provisions compliant with GDPR and local privacy regulations.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)