All Countries
Data Privacy
Data Protection Addendum

Data Protection Addendum Template for Denmark

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Protection Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Protection Addendum

Celebrated by
Collaborations with
Investors
Document background
A Data Protection Addendum (DPA) is a mandatory legal document required under both EU GDPR and Danish data protection law whenever a company (controller) engages another party (processor) to process personal data on its behalf. This document supplements the main service agreement between parties and specifically addresses data protection obligations. It must comply with Article 28 of the GDPR and additional requirements under the Danish Data Protection Act. The DPA includes essential provisions regarding data security measures, breach notifications, sub-processor appointments, and international data transfers. It's particularly crucial in the Danish context as it must address specific local regulatory requirements while maintaining alignment with broader EU data protection principles.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including full legal names and registration details

2. Background: Context of the relationship between parties and reference to the main service agreement this DPA supplements

3. Definitions: Key terms used in the DPA, including those from GDPR and Danish Data Protection Act

4. Scope and Purpose: Details of the types of personal data being processed and the purposes of processing

5. Duration: Term of the DPA, typically linked to the main agreement's duration

6. Nature and Purpose of Processing: Detailed description of how and why the data will be processed

7. Processor Obligations: Core obligations of the processor under GDPR Article 28 and Danish law

8. Sub-processing: Conditions and requirements for engaging sub-processors

9. Technical and Organizational Measures: Security measures required to protect personal data

10. Data Subject Rights: Processor's obligations to assist with data subject requests

11. Personal Data Breach: Notification requirements and procedures for handling data breaches

12. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance

13. Return or Deletion of Data: Requirements for data handling upon agreement termination

14. Liability and Indemnification: Allocation of responsibilities and liabilities between parties

15. Governing Law and Jurisdiction: Specification of Danish law as governing law and jurisdiction

Optional Sections

1. International Data Transfers: Required when personal data will be transferred outside the EEA, incorporating EU SCCs

2. Special Categories of Data: Additional requirements when processing sensitive personal data under Article 9 GDPR

3. Data Protection Impact Assessment: Specific obligations when processing requires a DPIA under Danish law

4. Joint Controller Provisions: Required when the relationship includes elements of joint controllership

5. Insurance Requirements: Specific insurance obligations for high-risk processing activities

6. Processor Personnel: Detailed requirements for staff training and confidentiality when specific personnel requirements apply

Suggested Schedules

1. Schedule 1 - Details of Processing: Detailed matrix of data categories, processing purposes, retention periods, and data subjects

2. Schedule 2 - Technical and Organizational Measures: Detailed security measures implemented by the processor

3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Applicable Standard Contractual Clauses or other transfer mechanisms if required

5. Schedule 5 - Security Breach Response Plan: Detailed procedures for handling and reporting data breaches

6. Schedule 6 - Audit Requirements: Specific procedures and requirements for conducting compliance audits

Authors

Linkedin in social icon imageX social icon image
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Authorized Sub-processor
Controller
Danish Data Protection Act
Data Subject
Data Protection Impact Assessment
EEA
GDPR
Main Agreement
Personal Data
Personal Data Breach
Processing
Processor
Sensitive Personal Data
Services
Standard Contractual Clauses
Sub-processor
Supervisory Authority
Technical and Organizational Measures
Third Country
Transfer Mechanism
Datatilsynet
Appropriate Safeguards
Documented Instructions
Data Protection Officer
Confidential Information
Security Breach Response Plan
Data Processing Register
Cross-border Processing
Data Minimization
Purpose Limitation
Storage Limitation
Processing Record
Special Categories of Personal Data
Restricted Transfer
International Organization
Binding Corporate Rules
Relevant Industries
Relevant Teams
Relevant Roles
Industries
General Data Protection Regulation (GDPR): The primary EU regulation governing personal data processing, directly applicable in Denmark. Key focus on Articles 28-36 regarding processor obligations and data transfer requirements.
Danish Data Protection Act (Databeskyttelsesloven): The Danish implementation of GDPR, containing additional national requirements and specifications for data processing in Denmark.
Danish Executive Order on Data Protection Impact Assessments: Specific Danish requirements for when and how to conduct data protection impact assessments, which might need to be referenced in the DPA.
EU Standard Contractual Clauses (SCCs): Required for international data transfers outside the EEA, if applicable to the data processing relationship.
Danish Data Protection Authority Guidelines: Guidelines and recommendations from Datatilsynet (Danish DPA) on requirements for data processing agreements and security measures.
Danish Executive Order on Security Measures: Specific Danish requirements regarding technical and organizational security measures for data processing.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Agreement

find out more

DPA Contract

find out more

DPA Addendum

find out more

Data Processing Addendum DPA

find out more

Controller To Controller Data Processing Agreement

find out more

Data Controller To Data Controller Agreement

find out more

Intercompany Data Processing Agreement

find out more

Controller To Controller DPA

find out more

DPA Agreement

find out more

Data Transfer Addendum

find out more

Controller Processor Agreement

find out more

Sub Processing Agreement

find out more

International Data Transfer Agreement

find out more

Data Protection Addendum

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.