All Countries
Data Privacy
Controller Processor Agreement

Controller Processor Agreement Template for Denmark

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Controller Processor Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Controller Processor Agreement

Celebrated by
Collaborations with
Investors
Document background
The Controller Processor Agreement is required whenever an organization (the data controller) engages another party (the data processor) to process personal data on its behalf under Danish jurisdiction. This requirement stems from Article 28 of the GDPR and the Danish Data Protection Act, which mandate a written agreement governing such processing activities. The document must detail the subject matter and duration of processing, its nature and purpose, the types of personal data involved, and categories of data subjects. It should also establish clear obligations regarding data security, confidentiality, sub-processor engagement, and assistance with data subject rights. The agreement must comply with both EU-wide GDPR requirements and specific Danish legal and regulatory frameworks, including guidelines from the Danish Data Protection Authority. This document is essential for establishing clear accountability and ensuring legal compliance in data processing relationships.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including legal names, registration numbers, and contact details

2. Background: Context of the agreement and the relationship between the parties

3. Definitions: Key terms used in the agreement, including those from GDPR and Danish law

4. Scope and Purpose: Description of the processing activities covered by the agreement

5. Controller's Instructions: Clear instructions from the controller regarding data processing and the processor's obligation to follow them

6. Confidentiality: Obligations regarding confidentiality and ensuring staff compliance

7. Security of Processing: Technical and organizational measures required to ensure appropriate security

8. Sub-processors: Rules and procedures for engaging sub-processors

9. Data Subject Rights: Processor's obligations to assist controller with data subject requests

10. Personal Data Breach: Notification requirements and procedures for handling data breaches

11. Audit Rights: Controller's rights to audit and processor's obligation to contribute

12. Term and Termination: Duration of the agreement and termination provisions

13. Data Deletion/Return: Obligations regarding data handling upon agreement termination

14. Liability and Indemnification: Allocation of liability and indemnification obligations

15. Governing Law and Jurisdiction: Specification of Danish law as governing law and jurisdiction

Optional Sections

1. International Data Transfers: Required when personal data will be transferred outside the EU/EEA

2. Special Categories of Data: Additional requirements when processing sensitive personal data

3. Data Protection Impact Assessments: Processor's obligations to assist with DPIAs when required

4. Insurance Requirements: Specific insurance obligations for the processor

5. Service Level Agreement: Specific performance metrics and standards for the processing activities

6. Business Continuity: Requirements for ensuring continuous processing capabilities

7. Exit Management: Detailed procedures for transitioning services upon termination

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including types of data, categories of data subjects, and processing purposes

2. Schedule 2 - Technical and Organizational Measures: Detailed security measures implemented by the processor

3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers, if applicable

5. Schedule 5 - Contact Points: List of key contacts for operational, security, and breach notification purposes

6. Appendix A - Standard Contractual Clauses: EU SCCs if required for international transfers

7. Appendix B - Security Breach Response Plan: Detailed procedures for handling and reporting security breaches

Authors

Linkedin in social icon imageX social icon image
Relevant legal definitions
Agreement
Applicable Data Protection Law
Controller
Danish Data Protection Act
Data Subject
Data Protection Authority
Datatilsynet
EEA
EU Standard Contractual Clauses
GDPR
Personal Data
Personal Data Breach
Processing
Processor
Sub-processor
Special Categories of Personal Data
Technical and Organizational Measures
Third Country
Instructions
Confidential Information
Services
Supervisory Authority
Business Day
Force Majeure
Representatives
Term
Processing Activities
Authorized Persons
Data Protection Impact Assessment
Security Breach Response Plan
Relevant Industries
Relevant Teams
Relevant Roles
Industries
General Data Protection Regulation (GDPR): The EU's fundamental data protection law that sets requirements for personal data processing, including mandatory elements of controller-processor agreements under Article 28
Danish Data Protection Act (Databeskyttelsesloven): The Danish implementation of GDPR that supplements and specifies certain GDPR provisions in the Danish context
Danish Data Protection Authority Guidelines: Specific guidelines issued by Datatilsynet (Danish DPA) regarding requirements for data processing agreements
Danish Contract Law (Aftaleloven): General Danish contract law principles that govern the formation and validity of agreements
EU Standard Contractual Clauses for Processors: EU Commission's standard contractual clauses that may be incorporated or referenced in controller-processor agreements, especially for international data transfers
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Agreement

find out more

DPA Contract

find out more

DPA Addendum

find out more

Data Processing Addendum DPA

find out more

Controller To Controller Data Processing Agreement

find out more

Data Controller To Data Controller Agreement

find out more

Intercompany Data Processing Agreement

find out more

Controller To Controller DPA

find out more

DPA Agreement

find out more

Data Transfer Addendum

find out more

Controller Processor Agreement

find out more

Sub Processing Agreement

find out more

International Data Transfer Agreement

find out more

Data Protection Addendum

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.