Draft a data sharing agreement according to organizational needs, with attention to accuracy and proper form.
Data Sharing Agreement (Bilingual)

1. Agreement Overview
- Effective Date: YYYY-MM-DD
- Party A (Data Provider): [Full Legal Name], Address: [Address]
- Party B (Data Recipient): [Full Legal Name], Address: [Address]
- This Agreement sets out the rights and obligations of both Parties in data sharing, including data governance requirements, compliance responsibilities, technical and organizational measures, and risk management mechanisms.

2. Definitions
- “Data”: Information described in Appendix A, whether structured or unstructured.
- “Personal Information/Personal Data”: Information that directly or indirectly identifies a natural person, as defined under applicable laws (e.g., GDPR, PIPL, CCPA).
- “Sensitive Personal Information/Special Category Data”: Data requiring heightened protection (e.g., health, financial, biometric), per applicable law.
- “Processing”: Any operation performed on data (collection, storage, use, transfer, disclosure, deletion, etc.).
- “Anonymization”: Irreversibly de-identifying data so it cannot identify individuals.
- “Pseudonymization”: Replacing identifiers to reduce direct identification risk while remaining reversible.

3. Purpose and Scope of Use
- Purpose: The Parties share data to accomplish [specific business purpose/project], limited to the business, analytics, and operational activities agreed under this Agreement.
- Scope of Use: Party B may use data only within the categories in Appendix A and under approval processes in Appendix D, for [list of purposes]. No profiling, targeted advertising, third-party redistribution, or training of generative AI models unless expressly authorized in writing by Party A.
- Prohibited Actions: De-anonymization, attempts to re-identify individuals, use beyond authorization, bypassing access controls, altering data lineage records.

4. Legal Basis and Roles
- Legal Basis: The Parties will confirm and document the lawful basis for processing personal data (consent, contractual necessity, legitimate interest, legal obligation, etc.), specified in Appendix A or the data sharing record.
- Role Allocation: Where personal data is involved, define the Parties’ roles under applicable law:
  - Party A as Controller/Independent Controller/Joint Controller (as applicable).
  - Party B as Processor/Independent Controller (as applicable).
- If Party B acts as Processor, a Data Processing Addendum (DPA) will be executed, and Party B must follow this Agreement and the technical and organizational measures (TOMs) in Appendix B.

5. Data Scope and Classification
- Data Inventory: See Appendix A for data elements, sources, update frequency, sensitivity level, and personal/non-personal attributes.
- Classification Levels: Public/Internal/Confidential/Restricted, and personal data categories and sensitivity levels.
- Minimization: Share only the minimum data necessary to achieve the purpose.

6. Data Quality and Metadata Management
- Quality Metrics: Completeness, accuracy, consistency, timeliness, uniqueness; Parties will set thresholds and SLAs (e.g., key field accuracy ≥99.5%, latency ≤24 hours).
- Validation: Party A performs schema checks, domain validations, and deduplication before delivery; Party B performs ingestion checks and anomaly feedback upon receipt.
- Change Management: Notify structural or business rule changes in writing at least [30] days in advance; Party B completes compatibility assessment and regression testing within [15] days.
- Metadata and Lineage: Both Parties maintain technical and business metadata (definitions, owners, quality rules) and data lineage, using unique data identifiers to record version and origin.

7. Security Controls and Access Management
- Access Control: Role-based access control (RBAC), least privilege, periodic audits; MFA for administrative access.
- Encryption: TLS 1.2+ in transit; AES-256 or equivalent at rest; keys managed by a controlled KMS with periodic rotation.
- Network and Endpoint: Segmentation, zero-trust principles, endpoint protection and vulnerability management; centralized security logging retained for [180] days.
- Masking and Pseudonymization: Mask or pseudonymize direct identifiers; for sensitive data, use only anonymized or synthetic data in non-production environments.
- Backup and Recovery: Backups per RPO/RTO targets; periodic recovery drills.

8. Compliance and Cross-Border Transfers
- Compliance: Parties comply with applicable data protection and sectoral regulations (e.g., GDPR, PIPL, CCPA, HIPAA, financial regulations).
- Cross-Border: If cross-border transfers occur, use lawful mechanisms (e.g., SCCs, certifications, required assessments/filings), with transfer paths and safeguards documented in Appendix C.
- Third-Party Requests: For regulatory or judicial requests, notify the other Party where permitted and handle in accordance with law.

9. Data Subject Rights and Privacy Requests
- Rights Handling: Where personal data is involved, Parties cooperate to respond to access, rectification, deletion, restriction, portability, consent withdrawal, etc.
- Channels and Deadlines: Establish request channels and meet statutory timelines (e.g., typically 1 month under GDPR).
- Recordkeeping: Maintain records of requests and responses for audit.

10. Incident Management and Notification
- Incident Definition: Unauthorized access, breach, loss, destruction, integrity or availability compromise.
- Notification: Party B will notify Party A within [72] hours of discovering any incident related to shared data, with impact assessment and remediation plan.
- Response: Initiate incident response, preserve evidence, perform root-cause analysis and remediation; cooperate on regulatory and data subject notifications.

11. Data Retention and Deletion
- Retention: Party B retains data only as needed to fulfill the purpose, not exceeding [specific period], unless extended by law or mutual written agreement.
- Legal Hold: Comply with legal holds or audit requirements as applicable.
- Secure Disposal: Upon expiry or termination, Party B securely deletes or returns data within [30] days using verified methods and provides evidence.

12. Data Stewardship and Governance Roles
- Data Owner (Party A): Defines data policies, quality standards, access approvals, change control, and compliance oversight.
- Data Stewards (Both Parties): Manage daily data operations, maintain metadata, monitor quality, and remediate issues.
- Security and Privacy Leads (Both Parties): Ensure effective TOMs, coordinate risk assessments and PIA/DPIA as needed.

13. Audit and Monitoring
- Audit Rights: Party A may audit Party B’s controls and records related to this Agreement with reasonable notice and minimal disruption (no more than [1] per year, plus for material incidents).
- Evidence and Reporting: Party B provides audit evidence (policies, logs, test reports, third-party certifications) and remediation plans.
- Monitoring: Access logs, failed logins, data quality alerts, anomalous data flows; periodic reviews by both Parties.

14. Third Parties and Subprocessing
- Subprocessor Restrictions: Party B may use subprocessors only with Party A’s written approval and must ensure their compliance with this Agreement and applicable laws.
- Responsibility: Party B remains fully liable for its subprocessors.

15. Intellectual Property and Licensing
- Ownership: Unless otherwise agreed, data and related intellectual property belong to Party A or its licensor.
- License: Party A grants Party B a non-exclusive, non-transferable license to use data solely for the Agreement’s purpose; no sublicensing or transfer.
- Derivatives: Party B owns analyses or models derived from data, provided they do not disclose or allow reverse inference of Party A’s data or any personal information; external sharing of derivatives containing Party A’s data requires prior written consent.

16. Confidentiality
- Both Parties will keep confidential information (including data, business and technical information) confidential and use it only to fulfill the purpose in accordance with this Agreement.
- Confidentiality Term: [5] years from disclosure, or as otherwise required by law/regulation.

17. Warranties, Liability, and Limitations
- Warranties: Each Party warrants it has lawful rights to share/receive data and will comply with applicable laws and this Agreement.
- Data “As-Is”: Unless quality guarantees are specified in Appendix A, data is provided as-is; Party A does not warrant fitness for Party B’s specific purposes.
- Liability Cap: To the extent permitted by law, neither Party is liable for indirect, incidental, special, or punitive damages; total liability is capped at fees paid by Party B to Party A under this Agreement in the last 12 months (or [agreed amount/0] if no fees). These limitations do not apply to willful misconduct, gross negligence, statutory breach notification/compensation for data breaches, or material breaches of confidentiality/compliance obligations.

18. Term and Termination
- Term: From Effective Date to [expiry/project completion], renewable by mutual written agreement.
- Termination for Cause: If a Party materially breaches and fails to cure within [30] days of written notice, the other Party may terminate.
- Post-Termination: Party B will cease all use and complete deletion/return per Section 11.

19. Notices, Amendments, and Assignment
- Notices: Written notices via contacts/methods in Appendix D; statutory/emergency notices via designated urgent channels.
- Amendments: Any changes require mutual written agreement.
- Assignment: No assignment without written consent, except corporate reorganization/M&A that does not reduce performance capability.

20. Governing Law and Dispute Resolution
- Governing Law: This Agreement is governed by and construed under the laws of [jurisdiction].
- Dispute Resolution: Attempt amicable resolution; failing that, submit to [arbitration body/court] under its rules; either Party may seek injunctive relief for urgent matters.

21. Miscellaneous
- Severability: Invalidity of any provision does not affect the rest.
- Entire Agreement: This Agreement and its appendices constitute the entire agreement for data sharing.
- Order of Precedence: In case of conflict, the following order applies: Main Agreement, DPA, Appendix B, Appendix A, Appendix C, Appendix D.

Signatures
- Party A Authorized Representative: Name/Title/Signature/Date
- Party B Authorized Representative: Name/Title/Signature/Date

Appendix A: Data Inventory and Classification
- Dataset names and descriptions
- Field lists, data types, identifiers (direct/indirect)
- Sources and collection methods
- Update frequency and delivery form (batch/stream; file/API/database)
- Personal/non-personal attributes and sensitivity level
- Lawful basis mapped to uses
- Quality metrics and thresholds/SLAs

Appendix B: Technical and Organizational Measures (TOMs)
- Access control (RBAC, MFA, periodic entitlement reviews)
- Encryption and key management (in-transit/at-rest, KMS, rotation)
- Network security (segmentation, WAF, IDS/IPS, zero trust)
- Endpoint and malware protection (EDR, anti-malware)
- Vulnerability and patch management (scans, prioritization, SLAs)
- Logging and monitoring (centralization, retention, alerting)
- Backup and recovery (RPO/RTO, drills)
- Secure SDLC and change management (code reviews, approvals)
- Privacy/compliance (PIA/DPIA, policy training, recordkeeping)

Appendix C: Cross-Border Transfers and Safeguards
- Transfer paths and destination countries/regions
- Legal mechanisms (SCCs, certifications, assessments/filings)
- Minimization and de-identification strategies
- Risk assessments and mitigation measures

Appendix D: Contacts and Operational Procedures
- Data Owners and Stewards (names, titles, contacts)
- Security and Privacy contacts (CSO/CISO/DPO)
- Access approval workflows and SLAs
- Incident notification channels and escalation matrix
- Templates and timelines for schema/quality changes

Important Note
- This template provides a structured framework for data governance and sharing. It should be reviewed and tailored by legal counsel to the Parties’ business and applicable jurisdictions before execution to ensure full legal compliance.

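Data Sharing Agreement

Agreement No.: [number]
Signing Date: [date]
Party A (Data Provider): [entity name], Address: [address], Unified Social Credit Code: [code]
Party B (Data Recipient): [entity name], Address: [address], Unified Social Credit Code: [code]

1. Purpose and Scope
1.1 This Agreement governs data sharing and use between Party A and Party B on a lawful, compliant, and controllable basis, to ensure data security, quality, and privacy protection and to increase the value of the data.
1.2 This Agreement applies to data provided by Party A to Party B and to Party B's processing, use, storage, transmission, display, derivative analysis, and other activities based on that data.
1.3 Shared data may be used only to achieve the business purposes agreed in this Agreement; the purpose or scope may not be changed without the written consent of both Parties.

2. Definitions
2.1 Data: information recorded electronically or by other means, including structured and unstructured data.
2.2 Personal information: any information, recorded electronically or by other means, relating to an identified or identifiable natural person.
2.3 Sensitive personal information: personal information that, once leaked or unlawfully used, may lead to discrimination against a natural person or harm to personal or property safety, including biometric, medical and health, financial account, and location-tracking information.
2.4 Anonymization: the process of handling personal information so that a specific natural person cannot be identified and the information cannot be restored.
2.5 De-identification: the process of deleting or replacing the identifiers in personal information that directly identify an individual, where re-identification may still be possible using other information.
2.6 Data Provider: the party that shares data with the other party under this Agreement.
2.7 Data Recipient: the party that receives and uses the shared data under this Agreement.
2.8 Data governance roles: include the data owner, data administrator (data steward), data user, and security and compliance officer.

3. Sharing Purpose and Business Scenarios
3.1 Sharing purpose: [e.g., joint analysis / business collaboration / risk-control verification / industry research / regulatory reporting support].
3.2 Usage boundary: Party B may use shared data only in the business scenarios agreed in this Agreement, and may not use it for profiling, marketing, or other unauthorized purposes.
3.3 Minimization: the fields, time window, and granularity of shared data shall be limited to what is necessary to achieve the purpose.

4. Data Categories and Dataset Description
4.1 Data classification:
- Public data: data that may lawfully be made public and does not involve personal information or trade secrets.
- Restricted data: data involving business-sensitive information or subject to restrictive terms.
- Personal information: includes general personal information and sensitive personal information.
4.2 Dataset inventory (Annex 1: Data Dictionary and Field Descriptions):
- Dataset name, source system, field list, data type, meaning, value range, quality rules, update frequency, time range.
4.3 Metadata requirements (Annex 1):
- Data lineage, version number, collection timestamp, processing rules, and notes on metric definitions.

5. Legal and Compliance Requirements
5.1 Both Parties shall comply with applicable laws, regulations, and regulatory requirements, including but not limited to the Personal Information Protection Law of the People's Republic of China, the Data Security Law of the People's Republic of China, the Cybersecurity Law of the People's Republic of China, and relevant industry standards.
5.2 Lawful basis for processing personal information: Party B must have a lawful basis for processing personal information (e.g., performance of a contract, performance of statutory duties, valid consent, public interest) and retain the corresponding evidence.
5.3 Cross-border transfer: where personal information or important data is transferred across borders, a security assessment, certification, or standard contract shall be completed as required by law, together with any necessary filing.
5.4 Policy alignment: both Parties shall establish and enforce data policies, including data classification and grading, access control, retention and deletion, and quality and security requirements.

6. Roles and Division of Responsibilities
6.1 Party A's responsibilities:
- Clarify data ownership and sharing authorization, and ensure that the data is lawfully sourced and that Party A has the right to share it.
- Provide complete data descriptions and quality rules, and deliver a data quality assessment report.
- Designate a data administrator and a compliance contact responsible for managing and supervising the sharing process.
6.2 Party B's responsibilities:
- Process data within the permitted boundaries, ensuring lawfulness, compliance, purpose limitation, and minimization.
- Implement security and privacy protection measures, and carry out retention, deletion, and audit as required.
- Designate a data administrator and a personal information protection officer responsible for usage management and compliance.
6.3 Joint responsibilities:
- Maintain a data sharing register recording datasets, batches, permissions, purposes, retention periods, and responsible persons.
- Conduct regular compliance and security assessments and remediate issues through to closure.

7. Technical Transmission and Interface Management
7.1 Transmission method: a secure mechanism agreed by both Parties (e.g., encrypted API, SFTP, dedicated line, VPN, trusted computing environment).
7.2 Encryption and authentication: TLS 1.2 or above in transit; AES-256 or equivalent-grade encryption at rest; two-factor authentication and key rotation enabled.
7.3 Interface control: configure IP allowlists, access tokens, and rate limiting; interface changes require notice [15] business days in advance and completed regression testing.
7.4 Integrity verification: use hash checks or digital signatures to ensure data has not been tampered with.
7.5 Environment isolation: test, pre-production, and production environments are isolated; real personal information is prohibited in non-production environments, where masked or anonymized data must be used.

8. Data Quality Management
8.1 Quality dimensions: completeness, accuracy, consistency, timeliness, uniqueness, traceability.
8.2 Quality rules: the Parties specify field-level validation rules, tolerance thresholds, and exception handling procedures in Annex 1.
8.3 Acceptance and rollback: Party B performs quality acceptance after receipt; where data is seriously non-conforming, Party A shall correct it or roll back within the agreed time limit.
8.4 Quality monitoring: establish automated quality monitoring and alerting; anomalies shall be initially reported within [24] hours, with a remediation plan provided within [72] hours.

9. Privacy and Sensitive Data Protection
9.1 De-identification and anonymization: data containing personal information should be de-identified as a first choice; sensitive scenarios use anonymization or enhanced measures such as differential privacy; anonymized data must not be combined with other data for re-identification.
9.2 Consent and notice: where consent is the lawful basis, Party A shall ensure that adequate notice has been given and verifiable consent obtained; Party B shall respect the user's right to withdraw consent and promptly stop the related processing.
9.3 Sensitive personal information: apply stricter access approval, least privilege, operation logging, and access isolation; where necessary, apply masked display and output controls.
9.4 Children's personal information and special categories: where data on minors or specially protected data is involved, additional approval and protection measures are required, and the applicable specific regulations must be followed.
9.5 Data subject rights: Party B shall establish channels to support rights requests such as access, copy, correction, deletion, and withdrawal of consent, and handle them within statutory or agreed time limits.

10. Access Control and Security Management
10.1 Permission model: role-based access control (RBAC) enhanced with attribute-based access control (ABAC), specifying "who may access which data, in which scenario, to perform which operations, and for how long it is kept."
10.2 Identity and audit: enable strong authentication, session management, and operation logs; logs are retained for no less than [12] months to ensure auditability and traceability.
10.3 Minimization and separation: least privilege, separation of duties, and dual review of critical operations.
10.4 Third parties and subcontracting: if Party B entrusts processing to a third party, Party A's written permission is required and an agreement imposing equivalent protection obligations must be signed; Party B bears joint and several liability for the subcontractor's acts.
10.5 Security baseline: compliance hardening, vulnerability management, patch updates, malicious code protection, and data loss prevention (DLP), with regular penetration testing and security assessments.

11. Use Restrictions and Onward Sharing
11.1 Without Party A's written consent, Party B may not redistribute or sublicense shared data or use it for activities unrelated to the sharing purpose.
11.2 Reverse engineering of shared data to identify individuals or infer trade secrets is prohibited.
11.3 Derived data: statistical or analytical results that Party B produces from shared data may be used within the agreed scope if they contain no personal information or trade secrets; results that involve personal information or can be reverse-derived shall be managed as original data.

12. Retention Period and Deletion
12.1 Retention period: Party B shall retain data for the retention periods set in Annex 2; on expiry, the data shall be securely deleted or irreversibly anonymized.
12.2 Deletion procedure: covers trigger conditions, approval, execution method (overwrite deletion / cryptographic destruction), and evidence retention (deletion records, screenshots, logs), with a deletion certificate issued to Party A.
12.3 Backup and recovery: backup data is subject to the same security and retention rules as primary data; recovery operations require approval and logging.

13. Monitoring, Audit, and Reporting
13.1 Audit: either Party may conduct periodic audits or spot checks of data sharing compliance and security; Party B shall cooperate by providing the necessary evidence and access.
13.2 Metrics and reports: maintain sharing usage reports (access volume, purposes, anomalies, permission changes), shared with Party A monthly or quarterly.
13.3 Permission review: Party B shall review and tighten permissions at least quarterly.

14. Risk Assessment and Compliance Management
14.1 Impact assessment: for sharing that involves personal information or important data, Party B shall conduct a personal information protection impact assessment (PIA); the results and remediation plan are archived and available for audit.
14.2 Change assessment: material changes to business scenarios, data scope, processing methods, transmission paths, or the introduction of third parties require risk assessment and approval.
14.3 Compliance training: Party B shall provide annual compliance and security training to relevant personnel and keep records.

15. Change Management
15.1 A Party intending to change datasets, interfaces, frequency, or purpose must give written notice [15] business days in advance and complete technical and compliance review.
15.2 Changes take effect on written confirmation by both Parties, with the annexes and the sharing register updated.

16. Incident Response and Breach Handling
16.1 Security incidents: in the event of data leakage, tampering, loss, unauthorized access, or similar incidents, Party B shall make an initial report within [24] hours of discovery and provide a detailed report and remediation measures within [72] hours.
16.2 Coordinated response: both Parties shall activate their emergency plans, notify users and report to regulators where necessary, and fulfil their obligations under law.
16.3 Liability for breach: a Party that breaches this Agreement and causes loss to the other Party shall pay corresponding compensation; matters involving regulatory penalties are handled in accordance with laws and regulations.

17. Service Levels and Support
17.1 Data delivery frequency, timing, and windows: [to be agreed]
17.2 Support response: response time limits and handling procedures for both Parties' data and technical support: [to be agreed]
17.3 Availability metrics: baseline metrics for interface availability, latency, and throughput: [to be agreed]

18. Fees and Settlement
18.1 Fee components: one-time onboarding fee, ongoing service fee, custom development fee, resource usage fee, etc. (as applicable).
18.2 Settlement method and cycle: [to be agreed]
18.3 Invoicing and tax treatment: [to be agreed]

19. Term and Termination
19.1 Term: [start and end dates]; on expiry the Parties may negotiate renewal.
19.2 Termination: where one Party materially breaches, the purpose ends, or changes in law or policy make continued sharing impossible, the other Party may terminate by written notice.
19.3 Post-termination handling: Party B shall complete data deletion and submit the related certification within [30] days; confidentiality and compliance obligations are not released by termination.

20. Confidentiality and Intellectual Property
20.1 Scope of confidentiality: shared data, technical details, business information, and non-public documents.
20.2 Confidentiality obligations: both Parties use confidential information only within the scope of this Agreement and take reasonable measures to prevent disclosure.
20.3 Intellectual property: rights in the original data belong to the provider; joint results produced under this Agreement are handled as separately agreed.

21. Dispute Resolution and Governing Law
21.1 Governing law: this Agreement is governed by the laws of the People's Republic of China.
21.2 Dispute resolution: the Parties first attempt amicable negotiation; if negotiation fails, the dispute is submitted for litigation to the people's court with jurisdiction at [Party A's location].

22. Communication and Contacts
22.1 Data administrators:
- Party A: [name/title/email/phone]
- Party B: [name/title/email/phone]
22.2 Personal information protection officer / compliance contact:
- Party A: [name/title/email/phone]
- Party B: [name/title/email/phone]
22.3 Incident notification channels and hours: [to be agreed]

23. Supplementary Provisions
23.1 This Agreement takes effect once signed by the authorized representatives of both Parties and stamped with their official seals.
23.2 Matters not covered by this Agreement are to be addressed in supplementary agreements signed by both Parties; a supplementary agreement has the same legal effect as this Agreement.
23.3 The annexes form part of this Agreement:
- Annex 1: Data Dictionary and Quality Rules (including field-level rules, anomaly thresholds, metadata descriptions)
- Annex 2: Retention Periods and Deletion Procedures
- Annex 3: Interface and Security Specifications (API/SFTP specifications, encryption and authentication requirements, rate limiting)
- Annex 4: Permission Matrix and Approval Process
- Annex 5: Audit Checklist and Report Templates
- Annex 6: Data Sharing Register Template and Change Log

Signature Page
Party A (seal): ____________________
Legal Representative/Authorized Representative: ____________________
Date: ____ (year) __ (month) __ (day)
Party B (seal): ____________________
Legal Representative/Authorized Representative: ____________________
Date: ____ (year) __ (month) __ (day)
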
Data Sharing Agreement between Buyer and Supplier A

Effective Date: [insert date]
Parties: [Buyer legal name], a [jurisdiction] entity with registered office at [address] (“Buyer”); and [Supplier A legal name], a [jurisdiction] entity with registered office at [address] (“Supplier A”).

1. Purpose and Scope
1.1 Purpose. This Agreement governs the exchange of data between Buyer and Supplier A for procurement-related activities, including supplier onboarding and qualification, purchase order processing, invoicing and payment reconciliation, performance management, compliance reporting, risk assessment, demand planning, and contract administration.
1.2 Scope. The Agreement covers the collection, transmission, access, use, storage, retention, disclosure, and disposal of Data (defined below) shared between the parties.

2. Definitions
2.1 “Data” means any information shared under this Agreement, including:
- Procurement master data: supplier profiles, legal entity information, certifications, bank details (masked where feasible), tax IDs, contacts.
- Transactional data: purchase orders, receipts, invoices, credit notes, payment status, delivery and logistics data.
- Performance and risk data: KPIs, quality metrics, on-time delivery rates, incident reports, audit findings, ESG information, sanctions screening results.
- Personal data: any information relating to identified or identifiable natural persons (e.g., contact names, business emails, phone numbers).
- Metadata: data lineage, timestamps, identifiers, versioning information.
2.2 “Confidential Information” means non-public information disclosed by either party, including Data classified as confidential.
2.3 “Applicable Law” means all laws and regulations governing data protection, privacy, cybersecurity, records retention, export controls, and sector-specific rules applicable to either party, including where relevant GDPR/UK GDPR, CCPA/CPRA, PIPL, and anti-corruption and sanctions laws.
2.4 “Controller,” “Processor,” “Service Provider,” and “Subprocessor” have the meanings under Applicable Law.

3. Roles and Responsibilities
3.1 Role allocation.
- For Buyer-origin Data containing personal data, Buyer acts as Controller and Supplier A acts as Processor/Service Provider.
- For Supplier-origin Data containing personal data, Supplier A acts as Controller and Buyer acts as Processor/Service Provider.
- If either party determines purposes jointly, the parties will execute a joint controller arrangement describing responsibilities.
3.2 Data stewardship. Each party will appoint a Data Owner and Data Steward for each Data domain to manage data quality, metadata, standards, access authorization, and issue remediation.
3.3 Governance. Each party will maintain a data catalog, classification scheme (e.g., public/internal/confidential/restricted), and documented standards for identifiers, code sets, reference data, and data exchange formats.

4. Permitted Use and Restrictions
4.1 Permitted use. Each party may use Data solely for the Purpose in Section 1.1 and to comply with legal and audit requirements.
4.2 Restrictions. Neither party may:
- Sell or share Data for targeted advertising or unrelated marketing.
- Use Data to profile individuals beyond the permitted Purpose.
- Re-identify de-identified or aggregated data, or attempt to do so.
- Disclose Data to third parties except as permitted in Section 11 (Subprocessors and Third Parties).
4.3 Minimization. Each party will share only Data that is necessary, proportionate, and relevant to the Purpose.
4.4 Derivative data. Aggregated or anonymized outputs may be retained and used for internal analytics if they cannot reasonably be linked to any individual or to the other party’s confidential business information.

5. Legal and Regulatory Compliance
5.1 Compliance. Each party will comply with Applicable Law and obtain necessary consents or notices for the sharing of personal data.
5.2 Data Processing Addendum. Where Processor/Service Provider processing is involved, the parties will incorporate a Data Processing Addendum (DPA) consistent with Article 28 GDPR/UK GDPR, CPRA, PIPL, and other applicable regimes. The DPA forms part of this Agreement.
5.3 Records and accountability. Each party will maintain records of processing activities, data flows, and transfer mechanisms where required by law.

6. Data Quality Management
6.1 Quality dimensions. Each party will ensure Data meets defined thresholds for accuracy, completeness, consistency, timeliness, validity, and uniqueness.
6.2 Controls. Implement validation rules, reference data management, deduplication, and data profiling prior to transmission; maintain version control and change logs.
6.3 Issue management. Establish a ticketing process for data defects, root-cause analysis, corrective actions, and SLA-based resolution (e.g., priority defects resolved within [X] business days).
6.4 Reconciliation. For transactional data, implement periodic reconciliations (e.g., PO-to-invoice matching) and exception reporting.

7. Security and Access Controls
7.1 Security baseline. Each party will implement administrative, technical, and physical controls proportionate to Data sensitivity, aligned to recognized frameworks (e.g., ISO/IEC 27001 or SOC 2).
7.2 Controls include:
- Encryption: TLS 1.2+ in transit; AES-256 (or equivalent) at rest.
- Identity and access management: role-based access control, least privilege, MFA, periodic access reviews.
- Network and endpoint security: segmentation, secure configurations, patching, anti-malware, EDR.
- Application security: secure SDLC, vulnerability scanning, penetration testing, change management.
- Logging and monitoring: centralized logs, immutable audit trails, anomaly detection, time-synchronized systems.
- Data segregation: logical or physical separation of tenant data; key management practices.
- Backup and recovery: encrypted backups, tested disaster recovery plans, RTO/RPO consistent with business needs.
7.3 Data transfer methods. Exchanges will occur via secure channels (e.g., SFTP over SSH, HTTPS APIs with OAuth2, or managed EDI). Hash-based integrity checks will be used to validate payloads.
7.4 Secure disposal. Upon deletion, data-bearing media will be securely sanitized or destroyed per NIST SP 800-88 (or equivalent).

8. Incident Management and Breach Notification
8.1 Incident response. Each party will maintain an incident response plan covering identification, containment, eradication, recovery, and post-incident review.
8.2 Notification. In the event of a confirmed security incident affecting Data, the impacted party will notify the other without undue delay and in any case within [72] hours of confirmation, providing: incident description, affected Data types, scope, mitigation, and contact point.
8.3 Cooperation. The parties will cooperate on investigation, regulatory notifications, and remedial measures.

9. Retention and Deletion
9.1 Retention. Each party will retain Data only for the duration needed to fulfill the Purpose and comply with legal obligations, subject to documented retention schedules.
9.2 Deletion or return. Upon termination or upon request after the Purpose is fulfilled, each party will return or securely delete Data within [30] days, and certify deletion; backups will be expired per standard rotation, with secure deletion at end-of-life.
9.3 Legal hold. If Data is subject to a legal hold, deletion will be deferred until the hold is lifted.

10. Audit and Assurance
10.1 Right to audit. Upon reasonable notice, Buyer may audit Supplier A’s compliance with this Agreement and DPA, including review of security controls, data flows, and subprocessors; Supplier A may similarly audit Buyer where acting as Processor. Audits will occur no more than once per year unless a material incident occurs.
10.2 Independent attestations. Each party will provide current independent assurance reports upon request (e.g., ISO 27001 certificate, SOC 2 Type II report), or equivalent evidence of control effectiveness.
10.3 Remediation. Identified deficiencies will be remediated within agreed timelines.

11. Subprocessors and Third Parties
11.1 Approval. A party acting as Processor may engage subprocessors only with prior written approval of the other party and subject to equivalent contractual obligations.
11.2 Due diligence. The engaging party will conduct security and privacy due diligence on subprocessors, ensuring appropriate technical and organizational measures.
11.3 List and updates. Maintain and provide an up-to-date list of subprocessors; notify of changes with sufficient time for objection where required by law.

12. Cross-Border Transfers
12.1 Mechanisms. Where Data is transferred across borders, the parties will implement appropriate safeguards such as EU Standard Contractual Clauses, UK IDTA/Addendum, or other legally recognized instruments. For transfers subject to PIPL, conduct transfer impact assessments and use standard contracts or security assessments as required.
12.2 Localization. If Applicable Law mandates data localization, the parties will architect solutions to comply (e.g., regional hosting, split processing).
12.3 Data mapping. Maintain a data flow map indicating jurisdictions, hosting locations, and transfer mechanisms.

13. Confidentiality
13.1 Obligations. Each party will protect the other’s Confidential Information using measures at least as protective as those applied to its own confidential information and no less than reasonable care.
13.2 Exceptions. Confidentiality does not apply to information that is public through no fault of the receiving party, known prior to disclosure, independently developed, or disclosed under legal compulsion (with notice where permissible).

14. Data Subject Rights and Privacy Notices
14.1 Requests. Each party will reasonably assist the other in responding to data subject requests (access, correction, deletion, restriction, portability, opt-out) in compliance with Applicable Law.
14.2 Notices. Each party will maintain appropriate privacy notices and, where required, obtain consents or provide opt-out mechanisms relevant to the Data shared.

15. Intellectual Property and Ownership
15.1 Ownership. Each party retains ownership of its originating Data. No intellectual property rights are transferred except limited licenses to use Data for the Purpose.
15.2 License. The receiving party is granted a non-exclusive, non-transferable license to use the Data solely as permitted under this Agreement.
15.3 Feedback. Non-confidential feedback about data exchange processes may be used to improve services, without disclosure of Confidential Information.

16. Warranties and Disclaimers
16.1 Warranties. Each party warrants it has the right to share Data and that Data will not knowingly infringe third-party rights. Each party warrants compliance with Applicable Law and that it will implement and maintain security controls described herein.
16.2 Disclaimers. Except as expressly stated, Data is provided “as is” and may contain errors; the receiving party must apply appropriate validations and controls.

17. Liability and Indemnity
17.1 Indemnity. Each party will indemnify the other against third-party claims arising from its breach of this Agreement, violations of Applicable Law, or security incidents caused by its failure to implement required controls.
17.2 Limitation. Except for breaches of confidentiality, willful misconduct, or violation of data protection obligations, neither party will be liable for indirect or consequential damages. Aggregate liability will be capped at [amount or formula], unless prohibited by law.

18. Term, Termination, and Suspension
18.1 Term. This Agreement commences on the Effective Date and continues until terminated by either party with [60] days’ written notice or upon termination of the underlying procurement contract.
18.2 Suspension. Either party may suspend data exchanges upon suspected breach, security incident, or legal risk, with prompt notice and efforts to mitigate.
18.3 Effect of termination. Upon termination, Section 9 (Deletion/Return), Section 13 (Confidentiality), Section 17 (Liability/Indemnity), and audit rights relating to pre-termination periods survive.

19. Change Management
19.1 Schema and process changes. Material changes to data schemas, exchange frequency, formats, or endpoints require [30] days’ advance notice and testing in a non-production environment.
19.2 Versioning. Maintain semantic versioning of APIs and data structures; deprecations will include backward-compatible grace periods.

20. Notices and Points of Contact
20.1 Notices. Formal notices must be in writing and sent to the addresses listed above, or to designated email addresses for legal notices.
20.2 Points of contact. Each party will designate:
- Data Protection Officer or Privacy Lead
- Security Incident Contact
- Data Steward(s) for procurement domains
- Technical Contact for integration

21. Governing Law and Dispute Resolution
21.1 Governing law. This Agreement is governed by the laws of [jurisdiction], excluding conflict-of-laws principles.
21.2 Dispute resolution. The parties will first attempt good-faith resolution through senior management. Unresolved disputes shall be submitted to [court jurisdiction/arbitration rules], unless otherwise required by Applicable Law.

22. Order of Precedence
22.1 In case of conflict: DPA and mandatory regulatory terms prevail over this Agreement; this Agreement prevails over operational documents (e.g., integration guides), unless explicitly stated.

23. Entire Agreement and Amendments
23.1 Entire agreement. This Agreement, including schedules and the DPA, constitutes the entire agreement regarding data sharing.
23.2 Amendments. Amendments must be in writing and signed by both parties.

Signatures
Buyer: ___________________________ Name/Title: _____________________ Date: ____________
Supplier A: ________________________ Name/Title: _____________________ Date: ____________

Schedules
Schedule A: Data Inventory and Classification
- Data elements, sensitivity classification, personal data indicators, retention periods, applicable controls.
Schedule B: Security Controls and Technical Integration
- Encryption standards, IAM policies, logging/monitoring specs, interface specifications (SFTP/API/EDI), key management, backup/DR parameters.
Schedule C: Data Processing Addendum
- Controller/Processor terms, data subject rights workflows, subprocessor list and approval, cross-border transfer safeguards, audit rights, CPRA Service Provider restrictions.
Schedule D: Cross-Border Transfer Mechanisms
- Applicable SCCs/UK Addendum, localization requirements, transfer impact assessments, jurisdictional hosting.
Schedule E: Data Quality Metrics and SLAs
- Quality thresholds, validation rulesets, reconciliation cadences, defect categories, remediation timelines.
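Quickly produce a negotiable first draft of a sharing agreement that covers key compliance points and risk notes; supports multilingual, localized review and shortens review and signing cycles.
Generate clauses and annex templates covering data classification, access control, retention and destruction, and DPIA requirements, helping put governance policies into practice and standardizing the terms used for external partnerships.
Batch-generate a consistent agreement framework for multiple suppliers, replace organization and partner details in one click, and attach supporting due-diligence materials, significantly shortening onboarding and procurement cycles.
Define data scope, delivery boundaries, and exit mechanisms in business language, reducing cross-department communication costs and ensuring projects go live on schedule and operate compliantly.
Even without dedicated legal counsel, quickly obtain a compliance-friendly sample sharing agreement, with support for English and other languages, making it smoother to work with overseas customers.
Automatically align with mainstream rules on cross-border transfers and local regulation, and output bilingual text for synchronized review and rollout with headquarters legal and local partners.
Helps legal, compliance, and data teams quickly generate a rigorous, actionable draft data sharing agreement for external partnerships. It covers key clauses such as sharing scope, purpose of use, access control, confidentiality obligations, data quality and security measures, retention and deletion, audit mechanisms, and allocation of responsibility. The parties and the output language can be specified as needed, and a clearly structured agreement text is generated automatically, reducing back-and-forth and the risk of omissions, speeding up review and signing, and lowering compliance and audit costs.
Copy and paste the prompt generated from the template into your usual chat application (such as ChatGPT or Claude) and use it directly in conversation, with no additional development. Suited to individuals who want a quick trial and to lightweight use cases.
Turn the prompt template into an API: your program can modify the template parameters freely and call it directly through the interface, making automation and batch processing easy. Suited to developer integration and embedding in business systems.
Configure the corresponding server address in your MCP client so that your AI application calls the prompt template automatically. Suited to advanced users and team collaboration, letting prompts move seamlessly between different AI tools.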