All Countries
Data Privacy
Data Controller To Data Controller Agreement

Data Controller To Data Controller Agreement Template for Denmark

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Controller To Data Controller Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Controller To Data Controller Agreement

Celebrated by
Collaborations with
Investors
Document background
The Data Controller to Data Controller Agreement is essential when two organizations need to share personal data while maintaining independent control over their respective data processing activities. This agreement is specifically designed for use under Danish law and GDPR requirements, providing a robust framework for compliant data sharing. It should be used whenever two organizations, acting as separate data controllers, need to establish a formal arrangement for sharing personal data, whether for business partnerships, service delivery, or other legitimate purposes. The agreement includes crucial elements such as data protection responsibilities, security measures, breach notification procedures, and mechanisms for protecting data subject rights, all aligned with Danish legal requirements and GDPR obligations. It's particularly important for organizations operating in Denmark or subject to Danish jurisdiction, as it incorporates specific national data protection requirements while ensuring broader EU law compliance.
Suggested Sections

1. Parties: Identification and details of both data controllers entering into the agreement

2. Background: Context of the data sharing relationship and purpose of the agreement

3. Definitions: Definitions of key terms used throughout the agreement, including GDPR-specific terminology

4. Purpose and Scope: Detailed description of the purpose of data sharing and scope of data processing activities

5. Roles and Responsibilities: Clear delineation of each controller's obligations and responsibilities under GDPR

6. Legal Basis for Processing: Specification of the legal grounds under GDPR for the data sharing between controllers

7. Data Protection Principles: Commitment to GDPR principles including lawfulness, fairness, transparency, purpose limitation, and data minimization

8. Security Measures: Technical and organizational measures required to ensure appropriate security of shared personal data

9. Data Subject Rights: Procedures for handling data subject requests and ensuring data subject rights are respected

10. Personal Data Breaches: Procedures for notification and cooperation in case of data breaches

11. Term and Termination: Duration of the agreement and conditions for termination

12. Governing Law and Jurisdiction: Specification of Danish law as governing law and jurisdiction for disputes

Optional Sections

1. International Data Transfers: Required when personal data will be transferred outside the EEA, specifying transfer mechanisms and safeguards

2. Joint Controller Arrangements: Required when the parties act as joint controllers for certain processing activities

3. Special Categories of Data: Required when sharing involves sensitive personal data, specifying additional safeguards

4. Direct Marketing: Required when personal data will be used for direct marketing purposes

5. Data Protection Impact Assessment: Required when processing is likely to result in high risk to individuals

6. Liability and Indemnification: Detailed provisions on liability allocation and indemnification between controllers

7. Insurance: Requirements for maintaining specific insurance coverage

8. Audit Rights: Provisions for conducting audits of data protection compliance

Suggested Schedules

1. Schedule 1 - Categories of Personal Data: Detailed list of personal data categories being shared between controllers

2. Schedule 2 - Purposes of Processing: Detailed description of all processing purposes and activities

3. Schedule 3 - Technical and Organizational Measures: Detailed description of security measures implemented by both parties

4. Schedule 4 - Data Subject Categories: List and description of categories of data subjects whose data is being shared

5. Schedule 5 - Authorized Sub-processors: List of approved sub-processors (if any) used by either controller

6. Schedule 6 - Contact Points: List of key contacts for operational, security, and data protection matters

7. Appendix A - Data Flow Diagram: Visual representation of how data flows between the controllers

8. Appendix B - Security Breach Response Plan: Detailed procedures for handling and reporting data breaches

Authors

Linkedin in social icon imageX social icon image
Relevant legal definitions
Agreement
Applicable Data Protection Law
Business Day
Controller
Data Protection Impact Assessment
Data Subject
Data Subject Rights
Danish Data Protection Act
Effective Date
GDPR
Personal Data
Personal Data Breach
Processing
Processor
Receiving Controller
Regulatory Authority
Security Measures
Sending Controller
Services
Special Categories of Personal Data
Sub-processor
Supervisory Authority
Technical and Organizational Measures
Term
Third Party
Transfer Mechanisms
Transferred Personal Data
Working Day
Data Protection Officer
Confidential Information
Permitted Purpose
Authorized Personnel
Data Protection Laws
EEA
Force Majeure Event
International Transfer
Representatives
Relevant Industries
Relevant Teams
Relevant Roles
Industries
General Data Protection Regulation (GDPR): The EU's fundamental data protection law that sets requirements for personal data processing, including legal bases for data sharing between controllers and obligations of data controllers
Danish Data Protection Act (Databeskyttelsesloven): The Danish implementation of GDPR that provides additional national requirements and specifications for data protection in Denmark
Danish Contracts Act (Aftaleloven): Provides the legal framework for contract formation and validity under Danish law, essential for the agreement's enforceability
Danish Administration of Justice Act (Retsplejeloven): Relevant for dispute resolution provisions and enforcement of the agreement under Danish law
ePrivacy Directive (as implemented in Danish law): Relevant if the data sharing involves electronic communications data or cookie information
Danish Marketing Practices Act (Markedsføringsloven): Applicable if the data sharing involves personal data for marketing purposes
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Agreement

find out more

DPA Contract

find out more

DPA Addendum

find out more

Data Processing Addendum DPA

find out more

Controller To Controller Data Processing Agreement

find out more

Data Controller To Data Controller Agreement

find out more

Intercompany Data Processing Agreement

find out more

Controller To Controller DPA

find out more

DPA Agreement

find out more

Data Transfer Addendum

find out more

Controller Processor Agreement

find out more

Sub Processing Agreement

find out more

International Data Transfer Agreement

find out more

Data Protection Addendum

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.