All Countries
Data Privacy
Data Processing Addendum DPA

Data Processing Addendum DPA Template for Denmark

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Processing Addendum DPA

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Processing Addendum DPA

Celebrated by
Collaborations with
Investors
Document background
The Data Processing Addendum (DPA) is a mandatory legal document required whenever a company (controller) engages another company (processor) to process personal data on its behalf under Danish jurisdiction. This document is essential for compliance with Article 28 of the GDPR and the Danish Data Protection Act. The DPA defines the roles, responsibilities, and obligations of both parties, including requirements for data security, confidentiality, sub-processing, and international transfers. It incorporates specific Danish legal requirements and must align with guidelines from the Danish Data Protection Agency. This document is typically used as an addendum to a main service agreement and includes detailed technical and organizational measures, breach notification procedures, and audit rights.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including their legal representatives

2. Background: Context of the relationship between parties and purpose of the DPA

3. Definitions: Key terms used in the agreement, including GDPR-specific terminology

4. Scope and Purpose: Detailed description of the processing activities covered by the DPA

5. Controller's Rights and Obligations: Responsibilities and authorities of the data controller

6. Processor's Obligations: Core obligations of the processor including security measures, confidentiality, and assistance requirements

7. Sub-processors: Rules and procedures for engaging sub-processors

8. Data Transfers: Requirements and safeguards for international data transfers

9. Data Subject Rights: Procedures for handling data subject requests and processor's assistance obligations

10. Data Breach Notification: Procedures and timelines for reporting data breaches

11. Audit Rights: Controller's audit rights and processor's obligations to demonstrate compliance

12. Term and Termination: Duration of the DPA and termination provisions

13. Return or Deletion of Data: Obligations regarding personal data upon termination

14. Liability and Indemnification: Allocation of liability and indemnification obligations

15. Governing Law and Jurisdiction: Specification of Danish law as governing law and jurisdiction

Optional Sections

1. Insurance Requirements: Specific insurance obligations for the processor, recommended for high-risk processing

2. Special Categories of Data: Additional safeguards for processing sensitive data, required when processing special categories of personal data

3. Data Protection Impact Assessments: Processor's obligations regarding DPIAs, needed for high-risk processing

4. Processor's Personnel: Specific requirements for processor's staff, recommended for processing requiring special qualifications

5. Business Continuity: Business continuity and disaster recovery requirements, recommended for critical processing activities

6. Exit Management: Detailed exit procedures, recommended for complex processing arrangements

Suggested Schedules

1. Description of Processing: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes

2. Technical and Organizational Measures: Detailed security measures implemented by the processor

3. Approved Sub-processors: List of approved sub-processors and their processing activities

4. Transfer Mechanisms: Details of transfer mechanisms for international data transfers, including SCCs if applicable

5. Contact Points and Procedures: Key contacts and detailed procedures for operational matters

6. Audit Requirements: Specific audit procedures and requirements

7. Data Breach Response Plan: Detailed procedures for handling and reporting data breaches

Authors

Linkedin in social icon imageX social icon image
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Controller
Danish Data Protection Act
Data Subject
Data Subject Rights
EEA
EU Standard Contractual Clauses
GDPR
Main Agreement
Personal Data
Personal Data Breach
Processing
Processor
Restricted Transfer
Services
Special Categories of Personal Data
Sub-processor
Supervisory Authority
Technical and Organizational Measures
Third Country
Transfer Mechanisms
Datatilsynet
Confidential Information
Authorized Persons
Data Protection Impact Assessment
Records of Processing
Processing Instructions
Security Incident
Cross-border Processing
Clauses
Scope of Processing
Processing Instructions
Confidentiality
Data Security
Sub-processing
Data Subject Rights
International Transfers
Audit Rights
Data Breach Notification
Compliance Assistance
Record Keeping
Data Protection Impact Assessment
Data Return and Deletion
Liability and Indemnification
Term and Termination
Governing Law
Personnel Obligations
Technical Measures
Organizational Measures
Cross-border Processing
Breach Reporting
Supervisory Authority Cooperation
Documentation Requirements
Special Categories Processing
Data Minimization
Storage Limitation
Relevant Industries
Relevant Teams
Relevant Roles
Industries
General Data Protection Regulation (GDPR): The primary EU regulation governing personal data processing, setting requirements for data processing agreements and obligations of controllers and processors
Danish Data Protection Act (Databeskyttelsesloven): The national law implementing GDPR in Denmark, providing specific Danish requirements for data processing
EU Standard Contractual Clauses (SCCs): Required for international data transfers outside the EEA, updated post-Schrems II decision
Danish Data Protection Agency Guidelines: Specific guidelines issued by Datatilsynet regarding data processing agreements and compliance requirements
EU ePrivacy Directive: Relevant for processing of electronic communications data and cookies, implemented in Danish law
Danish Executive Order on Data Protection: Supplementary regulations providing specific requirements for data processing in Denmark
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Agreement

find out more

DPA Contract

find out more

DPA Addendum

find out more

Data Processing Addendum DPA

find out more

Controller To Controller Data Processing Agreement

find out more

Data Controller To Data Controller Agreement

find out more

Intercompany Data Processing Agreement

find out more

Controller To Controller DPA

find out more

DPA Agreement

find out more

Data Transfer Addendum

find out more

Controller Processor Agreement

find out more

Sub Processing Agreement

find out more

International Data Transfer Agreement

find out more

Data Protection Addendum

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.