All Countries
Compliance
Data Privacy Addendum

Data Privacy Addendum Template for Denmark

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Privacy Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Privacy Addendum

Celebrated by
Collaborations with
Investors
Document background
The Data Privacy Addendum is a critical legal document required whenever a business relationship involves the processing of personal data under Danish jurisdiction. It supplements existing service agreements to ensure compliance with the General Data Protection Regulation (GDPR) and Danish data protection laws. This document becomes necessary when one party (the data processor) processes personal data on behalf of another party (the data controller), establishing clear responsibilities, security requirements, and compliance obligations. The addendum is particularly important in the Danish context as it must address specific requirements under the Danish Data Protection Act while maintaining alignment with broader EU data protection principles. It includes detailed provisions for data handling, security measures, breach notifications, and international data transfers, making it essential for any business relationship involving personal data processing in Denmark.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including full legal names and registered addresses

2. Background: Context of the DPA, reference to the main agreement, and purpose of the addendum

3. Definitions: Key terms used in the DPA, including those from GDPR and Danish Data Protection Act

4. Scope and Purpose of Processing: Details of what personal data will be processed, for what purposes, and the duration of processing

5. Obligations of the Data Processor: Core responsibilities of the processor including security measures, confidentiality, and cooperation requirements

6. Sub-processors: Rules for appointment and management of sub-processors, including authorization requirements

7. Data Subject Rights: Processes for handling data subject requests and processor's assistance obligations

8. Data Security: Required technical and organizational security measures

9. Personal Data Breach: Procedures for breach notification and management

10. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance

11. Cross-border Data Transfers: Rules and safeguards for international data transfers

12. Term and Termination: Duration of the DPA and procedures for termination

13. Return or Deletion of Data: Obligations regarding personal data upon termination of services

14. Liability and Indemnification: Allocation of responsibility and liability between parties

15. Governing Law and Jurisdiction: Specification of Danish law as governing law and jurisdiction for disputes

Optional Sections

1. Special Categories of Personal Data: Additional safeguards required when processing sensitive personal data under Article 9 GDPR

2. Data Protection Impact Assessments: Include when high-risk processing requires DPIAs under Article 35 GDPR

3. Representatives in the EU: Required when either party is based outside the EU

4. Joint Controller Provisions: Include when the relationship involves joint controllership rather than controller-processor

5. Industry-Specific Requirements: Additional provisions for specific sectors (e.g., healthcare, financial services)

6. Data Protection Officer: Contact details and roles of DPOs where appointed by either party

7. Insurance Requirements: Specific insurance obligations for data protection risks

Suggested Schedules

1. Description of Processing Activities: Detailed description of personal data, categories of data subjects, processing purposes and activities

2. Technical and Organizational Measures: Detailed security measures implemented by the processor

3. Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Standard Contractual Clauses: EU SCCs for international data transfers where applicable

5. Data Breach Response Plan: Detailed procedures and contact information for breach response

6. Audit Procedures: Specific procedures and requirements for conducting compliance audits

7. Data Protection Impact Assessment Template: Template and procedures for conducting DPIAs when required

Authors

Linkedin in social icon imageX social icon image
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Authorized Persons
Business Day
Controller
Danish Data Protection Act
Data Protection Impact Assessment
Data Protection Laws
Data Subject
Data Subject Rights
EEA
EU Standard Contractual Clauses
GDPR
Personal Data
Personal Data Breach
Processing
Processor
Professional Services
Representatives
Restricted Transfer
Security Measures
Services
Special Categories of Personal Data
Sub-processor
Supervisory Authority
Technical and Organizational Measures
Term
Third Country
Transfer Mechanisms
Controller to Processor SCCs
Data Processing Services
Documented Instructions
International Data Transfer
Main Agreement
Material Change
Notice
Personnel
Processing Activities
Processing Instructions
Purpose
Relevant Country
Security Breach
Service Agreement
Clauses
Definitions
Scope
Data Processing Obligations
Sub-processing
Technical Security
Confidentiality
Data Subject Rights
Cross-border Transfers
Audit Rights
Data Breach Notification
Liability
Term and Termination
Return or Deletion of Data
Compliance with Laws
Cooperation
Personnel Obligations
Record Keeping
Data Protection Impact Assessment
International Transfer Safeguards
Breach Management
Security Measures
Governing Law
Dispute Resolution
Force Majeure
Assignment
Notices
Severability
Entire Agreement
Amendment
Indemnification
Relevant Industries
Relevant Teams
Relevant Roles
Industries
General Data Protection Regulation (GDPR): The EU's fundamental regulation on data protection and privacy, directly applicable in Denmark. Sets out the main principles for personal data processing, data subject rights, and obligations of data controllers and processors.
Danish Data Protection Act (Databeskyttelsesloven): The Danish implementation of GDPR, supplementing and specifying certain aspects of data protection law in Denmark, including specific national requirements and derogations allowed under GDPR.
Danish Data Protection Executive Order: Detailed administrative rules and requirements for processing personal data in Denmark, providing specific guidance on implementation of the Data Protection Act.
EU Standard Contractual Clauses (SCCs): Required for international data transfers outside the EU/EEA, these must be incorporated when personal data will be transferred to third countries without an adequacy decision.
Danish Marketing Practices Act (Markedsføringsloven): Relevant for data processing in marketing contexts, including requirements for consent and electronic marketing communications.
Danish Act on Electronic Communications Networks and Services: Relevant for electronic communications data and cookie requirements, which may impact data processing activities.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Intra Group Agreement Data Protection

find out more

DPA Data Protection Agreement

find out more

Data Privacy Contract

find out more

Supplier Data Processing Agreement

find out more

Data Privacy Addendum

find out more

Non Disclosure Agreement Data Protection

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.