The Data Processing Agreement (DPA) is a mandatory legal document required under Article 28 of the GDPR and Danish data protection law whenever an organization (the controller) engages another party (the processor) to process personal data on its behalf. This document is essential for establishing clear responsibilities and obligations between the parties, ensuring compliance with data protection requirements, and protecting the rights of data subjects. The DPA must include specific provisions required by law, such as the scope of processing, security measures, confidentiality obligations, and procedures for handling data breaches. Under Danish jurisdiction, the agreement must comply with both the GDPR and additional requirements set forth by the Danish Data Protection Act and the Danish Data Protection Authority (Datatilsynet). The agreement is particularly crucial in the context of service providers, cloud solutions, and any business relationships involving the processing of personal data.
Create a bespoke document in minutes, or upload and review your own.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Key Requirements PROMPT example:
DPA Data Protection Agreement
I need a Data Processing Agreement for my healthcare software company (as processor) that will handle patient data for Danish medical clinics starting January 2025, with specific provisions for processing special categories of personal data and strict security measures.
1. Parties: Identification of the data controller and data processor, including legal names, registration numbers, and contact details
2. Background: Context of the agreement, relationship between parties, and general purpose of the data processing activities
3. Definitions: Key terms used in the agreement, including those from GDPR and specific terms relevant to the processing activities
4. Scope and Instructions: Detailed description of the processing activities, categories of data, and controller's instructions to the processor
5. Duration: Term of the agreement, including commencement date and termination provisions
6. Processor Obligations: Core obligations of the processor including confidentiality, security measures, and assistance to the controller
7. Sub-processors: Rules and procedures for engaging sub-processors, including authorization requirements and obligations
8. Data Subject Rights: Processor's obligations to assist the controller in responding to data subject requests
9. Data Security: Required technical and organizational security measures to protect personal data
10. Personal Data Breach: Notification requirements and procedures in case of data breaches
11. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance
12. Data Return and Deletion: Obligations regarding return or deletion of personal data upon agreement termination
13. Liability and Indemnification: Allocation of liability between parties and indemnification provisions
14. Governing Law and Jurisdiction: Specification of Danish law as governing law and jurisdiction for disputes
1. International Data Transfers: Required when personal data will be transferred outside the EEA, including references to transfer mechanisms
2. Special Categories of Data: Additional provisions required when processing special categories of personal data under Article 9 GDPR
3. Data Protection Impact Assessment: Specific provisions regarding assistance with DPIAs when required
4. Industry-Specific Requirements: Additional provisions for specific sectors (e.g., healthcare, financial services)
5. Insurance Requirements: Specific insurance obligations for the processor
6. Business Continuity: Requirements for business continuity and disaster recovery planning
1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes
2. Schedule 2 - Technical and Organizational Measures: Detailed description of security measures implemented by the processor
3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers, including SCCs if applicable
5. Schedule 5 - Security Breach Response Plan: Detailed procedures for handling and reporting personal data breaches
6. Schedule 6 - Audit Procedures: Specific procedures and requirements for conducting audits and assessments
Authors
Relevant legal definitions
Clauses
Relevant Industries
Technology and Software
Healthcare and Medical
Financial Services
Professional Services
E-commerce and Retail
Education
Manufacturing
Telecommunications
Insurance
Real Estate
Consulting
Marketing and Advertising
Research and Development
Non-profit Organizations
Public Sector
Relevant Teams
Legal
Compliance
Information Security
IT
Risk Management
Procurement
Operations
Data Protection
Vendor Management
Information Technology
Privacy
Relevant Roles
Data Protection Officer
Privacy Officer
Legal Counsel
Compliance Manager
Information Security Manager
IT Director
Chief Technology Officer
Chief Information Security Officer
Risk Manager
Operations Manager
Procurement Manager
Contract Manager
Chief Legal Officer
Privacy Lawyer
IT Security Specialist
Data Protection Specialist
Vendor Manager
Find the exact document you need
Intra Group Agreement Data Protection
Danish law-governed agreement regulating data protection practices and compliance within corporate groups under GDPR and Danish data protection requirements.
find out more
DPA Data Protection Agreement
Danish law-governed Data Processing Agreement establishing controller-processor obligations under GDPR and Danish data protection legislation.
find out more
Data Privacy Contract
Danish law-governed Data Privacy Contract establishing controller-processor obligations under GDPR and Danish Data Protection Act.
find out more
Supplier Data Processing Agreement
A Danish law-governed agreement establishing terms for personal data processing between a controller and processor, ensuring GDPR compliance.
find out more
Data Privacy Addendum
Danish law-governed Data Privacy Addendum ensuring GDPR and Danish Data Protection Act compliance for personal data processing arrangements.
find out more
Non Disclosure Agreement Data Protection
Danish law-governed NDA with integrated GDPR and data protection compliance requirements.
find out more
Download our whitepaper on the future of AI in Legal
By providing your email address you are consenting to our Privacy Notice.
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.