撰写数据共享协议

数据共享协议

协议编号：[编号] 签署日期：[日期] 甲方（数据提供方）：[单位名称]，地址：[地址]，统一社会信用代码：[代码] 乙方（数据接收方）：[单位名称]，地址：[地址]，统一社会信用代码：[代码]

一、目的与范围 1.1 本协议旨在规范甲乙双方在合法、合规、可控的前提下开展数据共享与使用活动，确保数据安全、质量与隐私保护，提升数据价值。 1.2 本协议适用于甲方向乙方提供的数据及乙方基于该数据进行的处理、使用、存储、传输、展示、衍生分析等活动。 1.3 共享数据仅限于实现本协议约定的业务目的，未经双方书面同意不得变更用途或范围。

二、定义 2.1 数据：指以电子或其他方式记录的信息，包括结构化与非结构化数据。 2.2 个人信息：以电子或其他方式记录的与已识别或可识别的自然人有关的各种信息。 2.3 敏感个人信息：一旦泄露或非法使用，可能导致自然人受到歧视或人身、财产安全受损的个人信息，包括生物识别、医疗健康、金融账户、行踪轨迹等。 2.4 匿名化处理：对个人信息进行处理，使其不可识别特定自然人且不可复原的过程。 2.5 去标识化：对个人信息中直接识别个人的标识进行删除或替换，但仍可能通过其他信息进行重新识别的过程。 2.6 数据提供方：指本协议中向对方共享数据的一方。 2.7 数据接收方：指本协议中接收并使用共享数据的一方。 2.8 数据治理角色：包括数据所有者、数据管理员（数据托管人）、数据使用者、安全与合规责任人等。

三、共享目的与业务场景 3.1 共享目的：[如联合分析/业务协同/风控核验/行业研究/监管报送支持等]。 3.2 使用边界：乙方仅可在本协议约定的业务场景中使用共享数据，不得用于画像、营销或其他未授权目的。 3.3 最小化原则：共享数据的字段、时效与粒度应以实现目的所必需为限。

四、数据类别与数据集说明 4.1 数据分类：

• 公开数据：依法可公开且不涉及个人信息或商业秘密的数据。
• 受限数据：涉及业务敏感信息或含有限制性条款的数据。
• 个人信息：包含一般个人信息与敏感个人信息。 4.2 数据集清单（附件一：数据字典与字段说明）：
• 数据集名称、来源系统、字段列表、数据类型、含义、取值范围、质量规则、更新频率、时间范围。 4.3 元数据要求（附件一）：
• 数据血缘、版本号、采集时间戳、处理规则、口径说明。

五、合法合规要求 5.1 双方应遵守适用法律法规与监管要求，包括但不限于《中华人民共和国个人信息保护法》《中华人民共和国数据安全法》《中华人民共和国网络安全法》及相关行业规范。 5.2 个人信息处理合法基础：乙方处理个人信息应具备合法基础（如履行合同、依法履责、合法同意、公共利益等），并保留相应证明。 5.3 跨境传输：涉及个人信息或重要数据跨境传输的，应依法开展安全评估、认证或签订标准合同，并经必要备案。 5.4 政策对齐：双方应建立并执行数据政策，包括数据分类分级、访问控制、留存与删除、质量与安全要求。

六、角色与责任分工 6.1 甲方责任：

• 明确数据所有权与共享授权，保证数据来源合法并具备共享权利。
• 提供完整数据说明与质量规则，输出数据质量评估报告。
• 指定数据管理员与合规联系人，负责共享过程的管理与监督。 6.2 乙方责任：
• 在许可边界内处理数据，确保合法合规、目的限定与最小化。
• 落实安全与隐私保护措施，按要求开展留存、删除与审计。
• 指定数据管理员与个人信息保护负责人，负责使用管理与合规。 6.3 共同责任：
• 建立数据共享台账，记录数据集、批次、权限、用途、保留期限与责任人。
• 定期开展合规与安全评估，闭环整改问题。

七、技术传输与接口管理 7.1 传输方式：经双方同意采用安全机制（如加密API、SFTP、专线、VPN、可信计算环境）。 7.2 加密与认证：传输采用TLS 1.2及以上；静态数据采用AES-256或同等级加密；启用双因素认证与密钥轮换机制。 7.3 接口管控：配置IP白名单、访问令牌、速率限制；接口变更需提前[15]个工作日通知并完成回归测试。 7.4 完整性校验：采用哈希校验或数字签名，确保数据未被篡改。 7.5 环境隔离：测试、预生产、生产环境隔离，禁止在非生产环境使用真实个人信息，需采用脱敏或匿名化数据。

八、数据质量管理 8.1 质量维度：完整性、准确性、一致性、及时性、唯一性、可追溯性。 8.2 质量规则：双方在附件一中明确字段级校验规则、容错阈值与异常处理流程。 8.3 验收与回滚：乙方在接收后进行质量验收；如严重不合格，甲方应在约定时限内纠正或回滚。 8.4 质量监控：建立自动化质量监控与告警机制，异常应在[24]小时内初步通报并在[72]小时内提供整改方案。

九、隐私与敏感数据保护 9.1 去标识化与匿名化：对含个人信息的数据应优先去标识化，敏感场景采用匿名化或差分隐私等增强措施；匿名化数据不得与其他数据结合以重新识别。 9.2 同意与告知：如以同意为合法基础，甲方应确保已充分告知并取得可验证同意；乙方应尊重用户撤回权并及时停止相关处理。 9.3 敏感个人信息：采用更严格的访问审批、最小权限、操作留痕与访问隔离；必要时进行脱敏显示与输出控制。 9.4 儿童个人信息及特殊类别：如涉及未成年或受特别保护的数据，须额外审批与保护措施，并遵守专项规定。 9.5 数据主体权利：乙方应建立通道支持查询、复制、更正、删除、撤回同意等权利请求，并在法定或约定时限内处理。

十、访问控制与安全管理 10.1 权限模型：基于角色的访问控制（RBAC）与属性增强（ABAC），明确“谁可访问何数据、在何场景、做何操作、保存多久”。 10.2 身份与审计：启用强身份认证、会话管理与操作日志；日志保留不少于[12]个月，确保可审计与反溯。 10.3 最小化与分离：最小权限、岗位分离与关键操作双人复核。 10.4 第三方与分包：乙方如委托第三方处理，须经甲方书面许可并签署等同保护义务的协议；乙方对分包方的行为承担连带责任。 10.5 安全基线：合规加固、漏洞管理、补丁更新、恶意代码防护、数据泄漏防护（DLP），并定期开展渗透测试与安全评估。

十一、使用限制与再共享 11.1 未经甲方书面同意，乙方不得将共享数据再分发、再授权或用于与共享目的无关的活动。 11.2 禁止对共享数据进行反向工程以识别个人或推断商业机密。 11.3 衍生数据：乙方基于共享数据产生的统计或分析结果，如不含个人信息与商业机密，可按约定范围使用；涉及个人信息或可逆推的，应视同原始数据管理。

十二、保存期限与删除 12.1 保存期限：乙方应按附件二设定的保留期限保存数据，期满后应进行安全删除或不可逆匿名化处理。 12.2 删除流程：包含触发条件、审批、执行方式（覆盖删除/加密销毁）、证据留存（删除记录、截图、日志），并向甲方出具删除证明。 12.3 备份与恢复：备份数据与主数据适用相同安全与保留规则；恢复操作需审批与留痕。

十三、监控、审计与报告 13.1 审计：双方可对数据共享合规与安全进行定期审计或抽查；乙方应配合提供必要证据与访问。 13.2 指标与报表：建立共享使用报表（访问量、用途、异常、权限变化）；按月或季度共享给甲方。 13.3 权限评审：乙方应至少每季度开展权限核查与收敛。

十四、风险评估与合规管理 14.1 影响评估：涉及个人信息或重要数据的共享，乙方应开展个人信息保护影响评估（PIA），评估结果与整改计划存档并可供审计。 14.2 变更评估：业务场景、数据范围、处理方式、传输路径、第三方引入的重大变更须进行风险评估与审批。 14.3 合规培训：乙方应对相关人员开展年度合规与安全培训，并保留记录。

十五、变更管理 15.1 任一方拟变更数据集、接口、频率或用途，须提前[15]个工作日书面通知并完成技术与合规评审。 15.2 变更生效需双方书面确认，更新附件与共享台账。

十六、事件响应与违规处理 16.1 安全事件：如发生数据泄漏、篡改、丢失、未经授权访问等事件，乙方应在发现后[24]小时内进行初步通报，在[72]小时内提供详细报告与整改措施。 16.2 协同处置：双方应启动应急预案，必要时进行用户通知与监管报备，依法履行义务。 16.3 违约责任：一方违反本协议致使另一方遭受损失的，应承担相应赔偿；涉及监管处罚的，按法律法规执行。

十七、服务级别与支持 17.1 数据交付频率、时点与窗口：[约定] 17.2 支持响应：甲乙双方数据与技术支持的响应时限与处理流程：[约定] 17.3 可用性指标：接口可用性、延迟与吞吐基线指标：[约定]

十八、费用与结算 18.1 费用构成：一次性接入费、持续服务费、定制开发费、资源占用费等（如适用）。 18.2 结算方式与周期：[约定] 18.3 发票与税务处理：[约定]

十九、期限与终止 19.1 协议期限：[起止日期]；到期双方可协商续签。 19.2 终止：一方严重违约、目的终止或法律政策变化导致无法继续共享的，另一方可书面通知终止。 19.3 终止后的处理：乙方应在[30]日内完成数据删除与相关证明提交；保密义务与合规义务不因终止而免除。

二十、保密与知识产权 20.1 保密范围：共享数据、技术细节、业务信息、非公开文档。 20.2 保密义务：双方仅在本协议范围内使用保密信息，采取合理措施防止泄露。 20.3 知识产权：原始数据的权利归提供方所有；双方在本协议框架下形成的共同成果，按另行约定执行。

二十一、争议解决与适用法律 21.1 适用法律：本协议受中华人民共和国法律管辖。 21.2 争议解决：先行友好协商；协商不成的，提交[甲方所在地]有管辖权的人民法院诉讼解决。

二十二、沟通与联系人 22.1 数据管理员：

• 甲方：[姓名/职务/邮箱/电话]
• 乙方：[姓名/职务/邮箱/电话] 22.2 个人信息保护负责人/合规联系人：
• 甲方：[姓名/职务/邮箱/电话]
• 乙方：[姓名/职务/邮箱/电话] 22.3 事件通报渠道与时段：[约定]

二十三、附则 23.1 本协议经双方授权代表签字并加盖公章后生效。 23.2 本协议未尽事宜，由双方另行签署补充协议，补充协议与本协议具有同等法律效力。 23.3 附件为本协议组成部分：

• 附件一：数据字典与质量规则（含字段级规则、异常阈值、元数据说明）
• 附件二：保留期限与删除流程
• 附件三：接口与安全规范（API/SFTP规范、加密与认证要求、速率限制）
• 附件四：权限矩阵与审批流程
• 附件五：审计清单与报表模板
• 附件六：数据共享台账模板与变更记录

签署页

甲方（盖章）：____________________ 法定代表人/授权代表：____________________ 日期：____年__月__日

乙方（盖章）：____________________ 法定代表人/授权代表：____________________ 日期：____年__月__日

Data Sharing Agreement between Buyer and Supplier A

Effective Date: [insert date] Parties: [Buyer legal name], a [jurisdiction] entity with registered office at [address] (“Buyer”); and [Supplier A legal name], a [jurisdiction] entity with registered office at [address] (“Supplier A”).

1. Purpose and Scope 1.1 Purpose. This Agreement governs the exchange of data between Buyer and Supplier A for procurement-related activities, including supplier onboarding and qualification, purchase order processing, invoicing and payment reconciliation, performance management, compliance reporting, risk assessment, demand planning, and contract administration. 1.2 Scope. The Agreement covers the collection, transmission, access, use, storage, retention, disclosure, and disposal of Data (defined below) shared between the parties.

2. Definitions 2.1 “Data” means any information shared under this Agreement, including:

• Procurement master data: supplier profiles, legal entity information, certifications, bank details (masked where feasible), tax IDs, contacts.
• Transactional data: purchase orders, receipts, invoices, credit notes, payment status, delivery and logistics data.
• Performance and risk data: KPIs, quality metrics, on-time delivery rates, incident reports, audit findings, ESG information, sanctions screening results.
• Personal data: any information relating to identified or identifiable natural persons (e.g., contact names, business emails, phone numbers).
• Metadata: data lineage, timestamps, identifiers, versioning information. 2.2 “Confidential Information” means non-public information disclosed by either party, including Data classified as confidential. 2.3 “Applicable Law” means all laws and regulations governing data protection, privacy, cybersecurity, records retention, export controls, and sector-specific rules applicable to either party, including where relevant GDPR/UK GDPR, CCPA/CPRA, PIPL, and anti-corruption and sanctions laws. 2.4 “Controller,” “Processor,” “Service Provider,” and “Subprocessor” have the meanings under Applicable Law.

3. Roles and Responsibilities 3.1 Role allocation.

• For Buyer-origin Data containing personal data, Buyer acts as Controller and Supplier A acts as Processor/Service Provider.
• For Supplier-origin Data containing personal data, Supplier A acts as Controller and Buyer acts as Processor/Service Provider.
• If either party determines purposes jointly, the parties will execute a joint controller arrangement describing responsibilities. 3.2 Data stewardship. Each party will appoint a Data Owner and Data Steward for each Data domain to manage data quality, metadata, standards, access authorization, and issue remediation. 3.3 Governance. Each party will maintain a data catalog, classification scheme (e.g., public/internal/confidential/restricted), and documented standards for identifiers, code sets, reference data, and data exchange formats.

4. Permitted Use and Restrictions 4.1 Permitted use. Each party may use Data solely for the Purpose in Section 1.1 and to comply with legal and audit requirements. 4.2 Restrictions. Neither party may:

• Sell or share Data for targeted advertising or unrelated marketing.
• Use Data to profile individuals beyond the permitted Purpose.
• Re-identify de-identified or aggregated data, or attempt to do so.
• Disclose Data to third parties except as permitted in Section 11 (Subprocessors and Third Parties). 4.3 Minimization. Each party will share only Data that is necessary, proportionate, and relevant to the Purpose. 4.4 Derivative data. Aggregated or anonymized outputs may be retained and used for internal analytics if they cannot reasonably be linked to any individual or to the other party’s confidential business information.

5. Legal and Regulatory Compliance 5.1 Compliance. Each party will comply with Applicable Law and obtain necessary consents or notices for the sharing of personal data. 5.2 Data Processing Addendum. Where Processor/Service Provider processing is involved, the parties will incorporate a Data Processing Addendum (DPA) consistent with Article 28 GDPR/UK GDPR, CPRA, PIPL, and other applicable regimes. The DPA forms part of this Agreement. 5.3 Records and accountability. Each party will maintain records of processing activities, data flows, and transfer mechanisms where required by law.

6. Data Quality Management 6.1 Quality dimensions. Each party will ensure Data meets defined thresholds for accuracy, completeness, consistency, timeliness, validity, and uniqueness. 6.2 Controls. Implement validation rules, reference data management, deduplication, and data profiling prior to transmission; maintain version control and change logs. 6.3 Issue management. Establish a ticketing process for data defects, root-cause analysis, corrective actions, and SLA-based resolution (e.g., priority defects resolved within [X] business days). 6.4 Reconciliation. For transactional data, implement periodic reconciliations (e.g., PO-to-invoice matching) and exception reporting.

7. Security and Access Controls 7.1 Security baseline. Each party will implement administrative, technical, and physical controls proportionate to Data sensitivity, aligned to recognized frameworks (e.g., ISO/IEC 27001 or SOC 2). 7.2 Controls include:

• Encryption: TLS 1.2+ in transit; AES-256 (or equivalent) at rest.
• Identity and access management: role-based access control, least privilege, MFA, periodic access reviews.
• Network and endpoint security: segmentation, secure configurations, patching, anti-malware, EDR.
• Application security: secure SDLC, vulnerability scanning, penetration testing, change management.
• Logging and monitoring: centralized logs, immutable audit trails, anomaly detection, time-synchronized systems.
• Data segregation: logical or physical separation of tenant data; key management practices.
• Backup and recovery: encrypted backups, tested disaster recovery plans, RTO/RPO consistent with business needs. 7.3 Data transfer methods. Exchanges will occur via secure channels (e.g., SFTP over SSH, HTTPS APIs with OAuth2, or managed EDI). Hash-based integrity checks will be used to validate payloads. 7.4 Secure disposal. Upon deletion, data-bearing media will be securely sanitized or destroyed per NIST SP 800-88 (or equivalent).

8. Incident Management and Breach Notification 8.1 Incident response. Each party will maintain an incident response plan covering identification, containment, eradication, recovery, and post-incident review. 8.2 Notification. In the event of a confirmed security incident affecting Data, the impacted party will notify the other without undue delay and in any case within [72] hours of confirmation, providing: incident description, affected Data types, scope, mitigation, and contact point. 8.3 Cooperation. The parties will cooperate on investigation, regulatory notifications, and remedial measures.

9. Retention and Deletion 9.1 Retention. Each party will retain Data only for the duration needed to fulfill the Purpose and comply with legal obligations, subject to documented retention schedules. 9.2 Deletion or return. Upon termination or upon request after the Purpose is fulfilled, each party will return or securely delete Data within [30] days, and certify deletion; backups will be expired per standard rotation, with secure deletion at end-of-life. 9.3 Legal hold. If Data is subject to a legal hold, deletion will be deferred until the hold is lifted.

10. Audit and Assurance 10.1 Right to audit. Upon reasonable notice, Buyer may audit Supplier A’s compliance with this Agreement and DPA, including review of security controls, data flows, and subprocessors; Supplier A may similarly audit Buyer where acting as Processor. Audits will occur no more than once per year unless a material incident occurs. 10.2 Independent attestations. Each party will provide current independent assurance reports upon request (e.g., ISO 27001 certificate, SOC 2 Type II report), or equivalent evidence of control effectiveness. 10.3 Remediation. Identified deficiencies will be remediated within agreed timelines.

11. Subprocessors and Third Parties 11.1 Approval. A party acting as Processor may engage subprocessors only with prior written approval of the other party and subject to equivalent contractual obligations. 11.2 Due diligence. The engaging party will conduct security and privacy due diligence on subprocessors, ensuring appropriate technical and organizational measures. 11.3 List and updates. Maintain and provide an up-to-date list of subprocessors; notify of changes with sufficient time for objection where required by law.

12. Cross-Border Transfers 12.1 Mechanisms. Where Data is transferred across borders, the parties will implement appropriate safeguards such as EU Standard Contractual Clauses, UK IDTA/Addendum, or other legally recognized instruments. For transfers subject to PIPL, conduct transfer impact assessments and use standard contracts or security assessments as required. 12.2 Localization. If Applicable Law mandates data localization, the parties will architect solutions to comply (e.g., regional hosting, split processing). 12.3 Data mapping. Maintain a data flow map indicating jurisdictions, hosting locations, and transfer mechanisms.

13. Confidentiality 13.1 Obligations. Each party will protect the other’s Confidential Information using measures at least as protective as those applied to its own confidential information and no less than reasonable care. 13.2 Exceptions. Confidentiality does not apply to information that is public through no fault of the receiving party, known prior to disclosure, independently developed, or disclosed under legal compulsion (with notice where permissible).

14. Data Subject Rights and Privacy Notices 14.1 Requests. Each party will reasonably assist the other in responding to data subject requests (access, correction, deletion, restriction, portability, opt-out) in compliance with Applicable Law. 14.2 Notices. Each party will maintain appropriate privacy notices and, where required, obtain consents or provide opt-out mechanisms relevant to the Data shared.

15. Intellectual Property and Ownership 15.1 Ownership. Each party retains ownership of its originating Data. No intellectual property rights are transferred except limited licenses to use Data for the Purpose. 15.2 License. The receiving party is granted a non-exclusive, non-transferable license to use the Data solely as permitted under this Agreement. 15.3 Feedback. Non-confidential feedback about data exchange processes may be used to improve services, without disclosure of Confidential Information.

16. Warranties and Disclaimers 16.1 Warranties. Each party warrants it has the right to share Data and that Data will not knowingly infringe third-party rights. Each party warrants compliance with Applicable Law and that it will implement and maintain security controls described herein. 16.2 Disclaimers. Except as expressly stated, Data is provided “as is” and may contain errors; the receiving party must apply appropriate validations and controls.

17. Liability and Indemnity 17.1 Indemnity. Each party will indemnify the other against third-party claims arising from its breach of this Agreement, violations of Applicable Law, or security incidents caused by its failure to implement required controls. 17.2 Limitation. Except for breaches of confidentiality, willful misconduct, or violation of data protection obligations, neither party will be liable for indirect or consequential damages. Aggregate liability will be capped at [amount or formula], unless prohibited by law.

18. Term, Termination, and Suspension 18.1 Term. This Agreement commences on the Effective Date and continues until terminated by either party with [60] days’ written notice or upon termination of the underlying procurement contract. 18.2 Suspension. Either party may suspend data exchanges upon suspected breach, security incident, or legal risk, with prompt notice and efforts to mitigate. 18.3 Effect of termination. Upon termination, Section 9 (Deletion/Return), Section 13 (Confidentiality), Section 17 (Liability/Indemnity), and audit rights relating to pre-termination periods survive.

19. Change Management 19.1 Schema and process changes. Material changes to data schemas, exchange frequency, formats, or endpoints require [30] days’ advance notice and testing in a non-production environment. 19.2 Versioning. Maintain semantic versioning of APIs and data structures; deprecations will include backward-compatible grace periods.

20. Notices and Points of Contact 20.1 Notices. Formal notices must be in writing and sent to the addresses listed above, or to designated email addresses for legal notices. 20.2 Points of contact. Each party will designate:

• Data Protection Officer or Privacy Lead
• Security Incident Contact
• Data Steward(s) for procurement domains
• Technical Contact for integration

21. Governing Law and Dispute Resolution 21.1 Governing law. This Agreement is governed by the laws of [jurisdiction], excluding conflict-of-laws principles. 21.2 Dispute resolution. The parties will first attempt good-faith resolution through senior management. Unresolved disputes shall be submitted to [court jurisdiction/arbitration rules], unless otherwise required by Applicable Law.

22. Order of Precedence 22.1 In case of conflict: DPA and mandatory regulatory terms prevail over this Agreement; this Agreement prevails over operational documents (e.g., integration guides), unless explicitly stated.

23. Entire Agreement and Amendments 23.1 Entire agreement. This Agreement, including schedules and the DPA, constitutes the entire agreement regarding data sharing. 23.2 Amendments. Amendments must be in writing and signed by both parties.

Signatures Buyer: ___________________________ Name/Title: _____________________ Date: ____________ Supplier A: ________________________ Name/Title: _____________________ Date: ____________

Schedules Schedule A: Data Inventory and Classification

• Data elements, sensitivity classification, personal data indicators, retention periods, applicable controls.

Schedule B: Security Controls and Technical Integration

• Encryption standards, IAM policies, logging/monitoring specs, interface specifications (SFTP/API/EDI), key management, backup/DR parameters.

Schedule C: Data Processing Addendum

• Controller/Processor terms, data subject rights workflows, subprocessor list and approval, cross-border transfer safeguards, audit rights, CPRA Service Provider restrictions.

Schedule D: Cross-Border Transfer Mechanisms

• Applicable SCCs/UK Addendum, localization requirements, transfer impact assessments, jurisdictional hosting.

Schedule E: Data Quality Metrics and SLAs

• Quality thresholds, validation rulesets, reconciliation cadences, defect categories, remediation timelines.