From datenschutzrecht
Generates a joint controller agreement (Article 26 GDPR) with allocation of responsibilities, legal checks for deadlines, jurisdiction, and risk assessment. Includes a template and checklist for GDPR compliance.
How this skill is triggered — by the user, by Claude, or both
Slash command
/datenschutzrecht:joint-controllership-en-templateThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
English-language template for a joint controller agreement under Article 26 GDPR, allocating responsibilities and publishing the essence under Article 26 (2) GDPR. Purpose (DE): Englischsprachige Mustervorlage für eine Joint-Controller-Vereinbarung nach Art. 26 DSGVO.
English-language template for a joint controller agreement under Article 26 GDPR, allocating responsibilities and publishing the essence under Article 26 (2) GDPR. Purpose (DE): Englischsprachige Mustervorlage für eine Joint-Controller-Vereinbarung nach Art. 26 DSGVO.
JOINT CONTROLLER AGREEMENT (Article 26 GDPR)
This Joint Controller Agreement ("JCA") is entered into between:
(1) [Party A Legal Name], a company organised under the laws of [jurisdiction]
("Party A"); and
(2) [Party B Legal Name], a company organised under the laws of [jurisdiction]
("Party B").
Recital A. The Parties jointly determine the purposes and means of the processing
described in Annex I and therefore qualify as joint controllers within the meaning
of Article 26 GDPR.
Recital B. This JCA sets out the respective responsibilities of the Parties in a
transparent manner.
1. SCOPE
1.1 The joint processing covers the processing activities described in Annex I,
including the categories of personal data, categories of data subjects and
purposes.
2. ALLOCATION OF RESPONSIBILITIES
2.1 Party A is responsible for:
(a) provision of the processing infrastructure;
(b) compliance with information duties under Articles 13 and 14 GDPR towards
data subjects reached via Party A;
(c) handling of data subject requests under Articles 15 to 22 GDPR received
through Party A;
(d) notification of personal data breaches under Articles 33 and 34 GDPR in
respect of processing components controlled by Party A.
2.2 Party B is responsible for:
(a) collection and initial transfer of personal data to Party A;
(b) compliance with information duties under Articles 13 and 14 GDPR towards
data subjects reached via Party B;
(c) handling of data subject requests under Articles 15 to 22 GDPR received
through Party B;
(d) notification of personal data breaches under Articles 33 and 34 GDPR in
respect of processing components controlled by Party B.
2.3 The Parties shall jointly carry out:
(a) a data protection impact assessment under Article 35 GDPR where required;
(b) the definition of retention periods;
(c) the definition of technical and organisational measures under Article 32
GDPR.
3. SINGLE POINT OF CONTACT
3.1 The single point of contact for data subjects pursuant to Article 26 (1) GDPR
is Party A. Party A shall forward without undue delay any request that falls
within the responsibility of Party B.
3.2 Article 26 (3) GDPR remains unaffected: data subjects may exercise their
rights against each Party.
4. TRANSPARENCY TOWARDS DATA SUBJECTS (Art. 26 (2) GDPR)
4.1 The Parties shall make available to data subjects the essence of this JCA in
their respective privacy notices. Annex II contains the agreed essence-text
for publication.
5. SECURITY AND BREACH NOTIFICATION
5.1 The Parties shall coordinate without undue delay, and in any event within
twenty-four (24) hours of becoming aware of a personal data breach, on
notification obligations.
5.2 The Party in whose area of responsibility the breach occurs shall lead the
notification. Where the breach affects the joint area, Party A shall lead.
6. LIABILITY AND RECOURSE
6.1 The Parties are jointly and severally liable to data subjects pursuant to
Article 82 (4) GDPR.
6.2 In the internal relationship between the Parties, each Party shall bear the
damage in proportion to its share of responsibility pursuant to Article 82
(5) GDPR.
6.3 The internal liability of each Party is capped at [AMOUNT] EUR per claim and
[AMOUNT] EUR per calendar year. The cap shall not apply in case of wilful
misconduct, gross negligence, or for damage arising from injury to life,
body or health.
7. SUPERVISORY AUTHORITY
7.1 The Parties shall cooperate in good faith in respect of inquiries and
investigations by supervisory authorities.
8. TERM AND TERMINATION
8.1 This JCA is concluded for an indefinite period and may be terminated by
either Party with six (6) months' written notice to the end of a calendar
quarter.
9. GOVERNING LAW AND JURISDICTION
9.1 This JCA shall be governed by the laws of [jurisdiction]. The courts of
[court venue] shall have exclusive jurisdiction.
Annex I Description of the joint processing
Annex II Essence-text for publication (Article 26 (2) GDPR)
Signed on behalf of Party A: Signed on behalf of Party B:
__________________________________ __________________________________
Name: Name:
Title: Title:
Date: Date:
../../../references/zitierweise.md.2plugins reuse this skill
First indexed Jul 16, 2026
npx claudepluginhub klotzkette/claude-fuer-deutsches-recht --plugin datenschutzrechtProvides a joint controller agreement template under Art. 26 GDPR in German, with checklist for task allocation, transparency, and internal recourse.
Guides GDPR Article 26 joint controller arrangements: determining joint controllership via indicators and case law, allocating responsibilities, ensuring transparency. For shared data platforms or joint processing.
Guides collaborative design exploration before implementation: explores context, asks clarifying questions, proposes approaches, and writes a design doc for user approval.