The Data Processing Addendum (DPA) is a mandatory legal document required whenever a company (controller) engages another company (processor) to process personal data on its behalf under Danish jurisdiction. This document is essential for compliance with Article 28 of the GDPR and the Danish Data Protection Act. The DPA defines the roles, responsibilities, and obligations of both parties, including requirements for data security, confidentiality, sub-processing, and international transfers. It incorporates specific Danish legal requirements and must align with guidelines from the Danish Data Protection Agency. This document is typically used as an addendum to a main service agreement and includes detailed technical and organizational measures, breach notification procedures, and audit rights.
Create a bespoke document in minutes, or upload and review your own.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Key Requirements PROMPT example:
Data Processing Addendum DPA
I need a Data Processing Addendum (DPA) under Danish law for my cloud software company that will process customer data across the EU and UK, with potential transfers to the US, starting January 2025.
1. Parties: Identification of the data controller and data processor, including their legal representatives
2. Background: Context of the relationship between parties and purpose of the DPA
3. Definitions: Key terms used in the agreement, including GDPR-specific terminology
4. Scope and Purpose: Detailed description of the processing activities covered by the DPA
5. Controller's Rights and Obligations: Responsibilities and authorities of the data controller
6. Processor's Obligations: Core obligations of the processor including security measures, confidentiality, and assistance requirements
7. Sub-processors: Rules and procedures for engaging sub-processors
8. Data Transfers: Requirements and safeguards for international data transfers
9. Data Subject Rights: Procedures for handling data subject requests and processor's assistance obligations
10. Data Breach Notification: Procedures and timelines for reporting data breaches
11. Audit Rights: Controller's audit rights and processor's obligations to demonstrate compliance
12. Term and Termination: Duration of the DPA and termination provisions
13. Return or Deletion of Data: Obligations regarding personal data upon termination
14. Liability and Indemnification: Allocation of liability and indemnification obligations
15. Governing Law and Jurisdiction: Specification of Danish law as governing law and jurisdiction
1. Insurance Requirements: Specific insurance obligations for the processor, recommended for high-risk processing
2. Special Categories of Data: Additional safeguards for processing sensitive data, required when processing special categories of personal data
3. Data Protection Impact Assessments: Processor's obligations regarding DPIAs, needed for high-risk processing
4. Processor's Personnel: Specific requirements for processor's staff, recommended for processing requiring special qualifications
5. Business Continuity: Business continuity and disaster recovery requirements, recommended for critical processing activities
6. Exit Management: Detailed exit procedures, recommended for complex processing arrangements
1. Description of Processing: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes
2. Technical and Organizational Measures: Detailed security measures implemented by the processor
3. Approved Sub-processors: List of approved sub-processors and their processing activities
4. Transfer Mechanisms: Details of transfer mechanisms for international data transfers, including SCCs if applicable
5. Contact Points and Procedures: Key contacts and detailed procedures for operational matters
6. Audit Requirements: Specific audit procedures and requirements
7. Data Breach Response Plan: Detailed procedures for handling and reporting data breaches
Authors
Relevant legal definitions
Clauses
Relevant Industries
Technology and Software
Healthcare
Financial Services
E-commerce
Education
Manufacturing
Professional Services
Telecommunications
Cloud Services
Consulting
Research and Development
Human Resources Services
Marketing Services
Logistics and Transportation
Public Sector
Relevant Teams
Legal
Compliance
Information Security
Privacy
Risk Management
Information Technology
Procurement
Operations
Data Protection
Vendor Management
Information Governance
Corporate Affairs
Internal Audit
Relevant Roles
Data Protection Officer
Privacy Officer
Legal Counsel
Compliance Manager
Information Security Manager
Chief Information Security Officer
Chief Privacy Officer
Risk Manager
IT Director
Operations Manager
Procurement Manager
Contract Manager
Chief Technology Officer
Chief Legal Officer
Data Protection Specialist
Privacy Analyst
Vendor Manager
Information Governance Manager
Find the exact document you need
Joint Controller Agreement
A Danish law-governed agreement establishing responsibilities between joint controllers under GDPR Article 26 for shared data processing activities.
find out more
DPA Contract
Danish law-governed Data Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.
find out more
DPA Addendum
A Danish law-compliant Data Processing Agreement Addendum that establishes GDPR-aligned terms for personal data processing activities.
find out more
Data Processing Addendum DPA
A Danish law-compliant Data Processing Addendum establishing terms for personal data processing between controller and processor, ensuring GDPR and Danish Data Protection Act compliance.
find out more
Controller To Controller Data Processing Agreement
Danish law-governed agreement between two independent data controllers for sharing personal data in compliance with GDPR and Danish data protection requirements.
find out more
Data Controller To Data Controller Agreement
A Danish law-governed agreement establishing terms for personal data sharing between two independent data controllers under GDPR and Danish data protection requirements.
find out more
Intercompany Data Processing Agreement
Danish law-governed agreement regulating intra-group personal data processing activities in compliance with GDPR and Danish data protection requirements.
find out more
Controller To Controller DPA
Danish law-governed Controller-to-Controller DPA establishing framework for GDPR-compliant data sharing between independent controllers.
find out more
DPA Agreement
A Danish law-governed Data Processing Agreement establishing data handling obligations between controller and processor under GDPR and Danish data protection requirements.
find out more
Data Transfer Addendum
Danish law-governed addendum for ensuring GDPR-compliant personal data transfers between organizations, incorporating Danish and EU data protection requirements.
find out more
Controller Processor Agreement
A Danish law-governed agreement establishing data processing terms between a data controller and processor, ensuring GDPR compliance and following Danish regulatory requirements.
find out more
Sub Processing Agreement
A Danish law-governed agreement establishing terms for sub-processor's personal data processing activities, ensuring GDPR and local law compliance.
find out more
International Data Transfer Agreement
Danish law-governed International Data Transfer Agreement for compliant transfer of personal data from Denmark to non-EEA countries.
find out more
Data Protection Addendum
Danish law-governed Data Protection Addendum ensuring GDPR compliance and establishing data processing obligations between controller and processor.
find out more
Download our whitepaper on the future of AI in Legal
By providing your email address you are consenting to our Privacy Notice.
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.