The Data Controller to Data Controller Agreement is essential when two organizations need to share personal information while acting as independent controllers under South African law. This document is required whenever organizations jointly process or exchange personal information, ensuring compliance with the Protection of Personal Information Act (POPIA). The agreement details each party's obligations, data protection responsibilities, security requirements, and procedures for managing data subject rights. It is particularly crucial in scenarios where organizations regularly share customer, employee, or other personal information databases, conduct joint ventures, or participate in data-sharing initiatives. The document includes specific provisions required by South African law, including Information Regulator notification requirements and local data protection standards.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
1. Parties: Identification of the data controllers entering into the agreement, including their registration details and physical addresses
2. Background: Context of the agreement, relationship between the parties, and purpose of the data sharing arrangement
3. Definitions: Definitions of key terms used in the agreement, including those aligned with POPIA definitions
4. Purpose and Scope: Detailed description of the purpose of data sharing and scope of data processing activities
5. Roles and Responsibilities: Clear delineation of each controller's responsibilities and obligations under POPIA
6. Lawful Basis for Processing: Specification of the legal grounds under POPIA for processing and sharing personal information
7. Data Protection Principles: Commitment to comply with POPIA's conditions for lawful processing of personal information
8. Security Measures: Required technical and organizational security measures to protect personal information
9. Data Subject Rights: Procedures for handling data subject requests and ensuring data subject rights
10. Data Breach Notification: Procedures for notifying each other and relevant authorities of security compromises
11. Confidentiality: Obligations regarding confidentiality of shared personal information
12. Duration and Termination: Term of the agreement and circumstances for termination
13. Liability and Indemnification: Allocation of liability and indemnification obligations between the parties
14. Governing Law and Jurisdiction: Specification of South African law as governing law and jurisdiction for disputes
15. General Provisions: Standard contractual provisions including notices, amendments, and severability
1. Cross-border Data Transfers: Required when personal information will be transferred outside South Africa, specifying compliance with POPIA's cross-border transfer requirements
2. Special Personal Information: Required when processing special personal information as defined in POPIA, including additional safeguards
3. Children's Personal Information: Required when processing personal information relating to children, including specific protections
4. Direct Marketing: Required when personal information will be used for direct marketing purposes
5. Data Protection Impact Assessment: Required for high-risk processing activities
6. Sub-processing: Required when either controller may engage sub-processors
7. Audit Rights: Optional section detailing mutual audit rights to ensure compliance
8. Insurance Requirements: Required when specific insurance coverage is needed for data protection risks
1. Schedule 1 - Categories of Personal Information: Detailed list of personal information categories being shared
2. Schedule 2 - Purposes of Processing: Specific purposes for which each category of personal information will be processed
3. Schedule 3 - Technical and Organizational Security Measures: Detailed security measures implemented by each controller
4. Schedule 4 - Contact Details: Contact information for key personnel, including Information Officers and operational contacts
5. Schedule 5 - Data Transfer Procedures: Operational procedures for secure data transfers between controllers
6. Schedule 6 - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches
7. Schedule 7 - Sub-processors: List of approved sub-processors and their processing activities
8. Appendix A - Standard Forms: Standard forms for data subject requests, breach notifications, and other routine communications
Find the exact document you need
International Data Transfer Addendum
A South African law-compliant addendum governing international transfers of personal information under POPIA requirements.
Download
Intra Group Data Processing Agreement
A South African law-governed agreement regulating personal information processing between entities within the same corporate group, ensuring POPIA compliance.
Download
Third Party Processing Agreement
A South African law-governed agreement regulating personal information processing between a responsible party and an operator under POPIA.
Download
Data Processing Addendum
A South African law-compliant agreement governing personal information processing between controllers and processors under POPIA.
Download
Intercompany Data Transfer Agreement
South African law-governed agreement regulating intra-group data transfers in compliance with POPIA and local data protection regulations.
Download
Data Management Agreement
A South African law-compliant agreement governing data management and processing activities between organizations, ensuring POPIA compliance and data protection.
Download
Data Controller To Data Controller Agreement
South African POPIA-compliant agreement governing personal information sharing between two data controllers, establishing mutual obligations and responsibilities.
Download
DPA Agreement
A South African law-compliant Data Processing Agreement establishing terms for handling personal information under POPIA regulations.
Download
Third Party Data Processing Agreement
A South African law-compliant agreement governing the processing of personal information by a third-party operator on behalf of a responsible party under POPIA.
Download
Personal Data Transfer Agreement
A POPIA-compliant agreement for transferring personal information between parties under South African law.
Download
Controller Processor Agreement
A South African law-governed agreement between a data controller and processor establishing terms for personal information processing under POPIA.
Download
Affiliate Addendum
A South African law-compliant addendum establishing terms and conditions for affiliate marketing relationships, including commission structures and compliance requirements.
Download
Sub Processing Agreement
A South African-compliant agreement governing the delegation of personal information processing activities to a sub-processor under POPIA requirements.
Download
International Data Transfer Agreement
A South African law-governed agreement for cross-border personal information transfers, ensuring POPIA compliance and data protection standards.
Download
Data Protection Addendum
A South African law-governed addendum establishing POPIA-compliant terms for personal information processing between parties.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)