London – 020 305 68855         Cornwall – 01726 247047


Data sharing agreements are contracts that are required under the GDPR


Under the GDPR, the contract requirements are wider and are no longer confined to just ensuring the security of personal data. They are aimed at ensuring and demonstrating compliance with all the requirements of the GDPR. 


The GDPR sets out specific terms that must be included in your contract, as a minimum. The contracts also spell out your liabilities as a controller or a processor.


The contract must state details of the processing and must set out the processor’s obligations. This includes the standards the processor must meet when processing personal data and the permissions it needs from the controller in relation to the processing.


This is a significant change in what is required by law. Data sharing agreements have not been required by law before. 


The GDPR gives processors responsibilities and liabilities in their own right. Processors, as well as controllers, may now be liable to pay damages or be subject to fines or other penalties.

Existing Contracts

You must check your existing contracts to make sure they contain all the required elements. If they don’t, you should get new contracts drafted and signed.

We can draft all the required contracts for you for less than a solicitor would charge.

Contact Us

  • 02030 568855
  • 01726 247047
Sapphire Consulting Group Ltd is a limited company registered in England and Wales.

Registration number: 10427754. Registered office: Central Point, Beech Street, London EC2Y 8AD.

VAT Registration number: 285986235

ICO Registration number: ZA342346