How to formulate a solid data exchange agreement

Once you enter into a data sharing program, that’s not the end of your job. Like anything worth doing, you need to constantly work at it in order to get the most out of it. So if you think you could derive more value from your data sharing initiative, why not build a better data exchange agreement? Here’s how.

 

What is a data exchange agreement?

For any company or Chief Data Officer that wants to immerse themselves in the new data economy, there are important rules to follow. Without doing so, you risk the security of your organization as well as the value of your own collected data.

That means you’ll need to sign a data exchange agreement that outlines what type of data will be shared, which parties have authorization to access said data, as well as legal structures that outline how that information can be assigned, analyzed and disseminated (and to whom).

An agreement is the very bare minimum documentation you need if you wish to engage in a data sharing initiative. In most cases, either you or the other participant will have created their own agreement, which you will need to sign in order to proceed with the data exchange.

Alternatively, if you join a data sharing platform then there will be a legal framework in place that you will need to agree to if you wish to participate on the platform and request access to data from various other organizations.

 

Data exchange agreement template

Depending on your industry, the other data exchange participants and the sensitivity of the data proposed for sharing, the agreement will differ from case to case. However, if you need to create a data sharing agreement for your own purposes, it helps to have an agreement template to draw from.

The data agreement should include the following:

  • Parties involved in the data exchange.
  • Relevant addresses, phone numbers, URLs, emails, etc.
  • Names of authorized persons, including their titles within the organization.
  • Reason for the proposed data exchange.
  • Status of the agreement.
  • Length of the agreement.
  • All rules surrounding the data sharing (how it is accessed, by whom, any restrictions on using the data, time limits, etc.)
  • Circumstances upon which the agreement may be terminated.
  • Where the information will be housed.
  • How the exchanged data will be secured.
  • Outcomes should any party breach the agreement.

In all instances, speak to your legal team (and, preferably, a data sharing expert) before taking this document to other stakeholders.

 

Data exchange agreement GDPR

When compiling your own agreement, GDPR examples should feed into its creation. This is because the General Data Protection Regulation (GDPR) has had a major impact on how data is collected and shared.

Any company with ties to the European Union – even if you are based elsewhere in the world but you deal with clients in the EU (or via third parties) – is subject to the discretion of the regulations outlined in the GDPR. Failure to comply with said regulations can result in major fines (up to €20 million or 4% annual global turnover, whichever is greater).

So when creating a data exchange agreement, bear in mind all the rules within the GDPR and other regulatory principles relevant to your region – and the regions within which your organization operates.