GDPR Data Sharing Agreement Form – Joint Controllers (Article 26)
About this free form template

Establish Clear GDPR Joint Controller Responsibilities

When two or more organisations process personal data together for shared purposes, GDPR Article 26 requires a transparent arrangement that defines each controller's responsibilities. This GDPR Data Sharing Agreement Form for Joint Controllers helps organisations document their data sharing relationship, allocate compliance obligations, and demonstrate accountability to data subjects and supervisory authorities.

Whether you're partnering with another business on a marketing campaign, co-managing customer data with a business partner, or sharing research data with academic institutions, this template ensures your joint controller arrangement meets EU legal requirements while protecting data subject rights.

Why use Paperform for your GDPR compliance documentation?

Managing joint controller agreements traditionally involves lengthy legal document exchanges, version control headaches, and complicated approval workflows. Paperform transforms this into a streamlined digital process that captures all essential information, validates responses in real-time, and generates a complete audit trail.

With conditional logic built in, the form adapts based on the type of data being shared and the specific processing activities involved. This means each joint controller relationship is documented with precision, capturing only the relevant details for your particular arrangement.

Papersign integration (papersign.com) takes your GDPR compliance further by allowing both parties to digitally sign the completed agreement, creating a legally binding document with timestamp verification and secure storage. This eliminates the need for separate signature tools while keeping everything connected to your original form submission.

For legal teams, compliance officers, and data protection professionals in the EU, this template provides the structure needed to satisfy Article 26 requirements while remaining accessible enough for business teams to complete without constant legal oversight.

Automate your compliance workflow with Stepper

Once the agreement is signed, your GDPR compliance work continues. Use Stepper (stepper.io) to automate what happens next: notify your Data Protection Officer, log the agreement in your compliance management system, schedule annual reviews, update your Records of Processing Activities (ROPA), and trigger notifications when data subjects exercise their rights under this joint arrangement.

Trusted by businesses across the EU navigating GDPR requirements, this template helps you demonstrate accountability, maintain transparent data relationships, and keep your joint processing activities legally compliant—all through one professional, brand-ready form.

More templates like this

GDPR Binding Corporate Rules Application Form

A comprehensive form for multinational groups to apply for Binding Corporate Rules (BCR) approval, enabling compliant intra-group personal data transfers across borders under GDPR requirements.

GDPR Article 31 Supervisory Authority Cooperation Form

Document controller/processor assistance and cooperation with supervisory authorities during GDPR investigations and compliance checks under Article 31.

GDPR Privacy Policy Acceptance & Consent Tracking Form

Track and document privacy policy acceptance with version control, timestamps, and compliance audit trails for GDPR requirements.

Joint Controller Agreement Form - GDPR Article 26

Establish clear GDPR responsibilities between organizations acting as joint controllers under Article 26. Define roles, obligations, and data subject rights allocation between collaborating entities.

Privacy Notice Update Notification Form

Notify data subjects of privacy policy changes and collect updated consent in compliance with GDPR requirements. Ensure transparent communication and maintain regulatory compliance.

Data Controller Accountability Documentation Form

Comprehensive GDPR compliance documentation form for data controllers to record policies, procedures, training records, and audit results demonstrating accountability under EU data protection law.

Data Controller Change Notification & Consent Form

Notify customers of business ownership transfer and obtain consent for data processing continuity under new data controller, with clear opt-out rights per GDPR requirements.

Data Mapping Exercise Documentation Form

A comprehensive form for documenting personal data processing activities and data flows across systems to maintain Article 30 GDPR Records of Processing Activities (RoPA) compliance.

Data Retention Audit Trail Form

Log and track data deletion activities, responsible parties, and compliance with GDPR retention schedules. Maintain a comprehensive audit trail for regulatory oversight and internal accountability.

DPO Appointment Notification Form

A GDPR Article 37 compliant form for notifying supervisory authorities and documenting Data Protection Officer appointments, including contact details and responsibilities.

GDPR Compliance Self-Assessment for SMBs

A comprehensive self-assessment questionnaire for small and medium businesses to evaluate GDPR compliance, identify data protection gaps, and receive prioritized recommendations for remediation.

GDPR Data Breach Assessment Form

Structured assessment form to evaluate data breaches and determine if notification to supervisory authority is required under GDPR Article 33 within 72 hours.