The Controller Processor Agreement is required whenever an organization (the data controller) engages another party (the data processor) to process personal data on its behalf under Danish jurisdiction. This requirement stems from Article 28 of the GDPR and the Danish Data Protection Act, which mandate a written agreement governing such processing activities. The document must detail the subject matter and duration of processing, its nature and purpose, the types of personal data involved, and categories of data subjects. It should also establish clear obligations regarding data security, confidentiality, sub-processor engagement, and assistance with data subject rights. The agreement must comply with both EU-wide GDPR requirements and specific Danish legal and regulatory frameworks, including guidelines from the Danish Data Protection Authority. This document is essential for establishing clear accountability and ensuring legal compliance in data processing relationships.
Create a bespoke document in minutes, or upload and review your own.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership聽of your information
Key Requirements PROMPT example:
Controller Processor Agreement
I need a Controller Processor Agreement under Danish law for my software company that will be processing customer data for a healthcare provider, including special categories of personal data, with the agreement to commence from March 1, 2025.
Your data doesn't train Genie's AI
You keep IP ownership聽of your information
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
OR
1. Parties: Identification of the data controller and data processor, including legal names, registration numbers, and contact details
2. Background: Context of the agreement and the relationship between the parties
3. Definitions: Key terms used in the agreement, including those from GDPR and Danish law
4. Scope and Purpose: Description of the processing activities covered by the agreement
5. Controller's Instructions: Clear instructions from the controller regarding data processing and the processor's obligation to follow them
6. Confidentiality: Obligations regarding confidentiality and ensuring staff compliance
7. Security of Processing: Technical and organizational measures required to ensure appropriate security
8. Sub-processors: Rules and procedures for engaging sub-processors
9. Data Subject Rights: Processor's obligations to assist controller with data subject requests
10. Personal Data Breach: Notification requirements and procedures for handling data breaches
11. Audit Rights: Controller's rights to audit and processor's obligation to contribute
12. Term and Termination: Duration of the agreement and termination provisions
13. Data Deletion/Return: Obligations regarding data handling upon agreement termination
14. Liability and Indemnification: Allocation of liability and indemnification obligations
15. Governing Law and Jurisdiction: Specification of Danish law as governing law and jurisdiction
1. International Data Transfers: Required when personal data will be transferred outside the EU/EEA
2. Special Categories of Data: Additional requirements when processing sensitive personal data
3. Data Protection Impact Assessments: Processor's obligations to assist with DPIAs when required
4. Insurance Requirements: Specific insurance obligations for the processor
5. Service Level Agreement: Specific performance metrics and standards for the processing activities
6. Business Continuity: Requirements for ensuring continuous processing capabilities
7. Exit Management: Detailed procedures for transitioning services upon termination
1. Schedule 1 - Processing Activities: Detailed description of processing activities, including types of data, categories of data subjects, and processing purposes
2. Schedule 2 - Technical and Organizational Measures: Detailed security measures implemented by the processor
3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers, if applicable
5. Schedule 5 - Contact Points: List of key contacts for operational, security, and breach notification purposes
6. Appendix A - Standard Contractual Clauses: EU SCCs if required for international transfers
7. Appendix B - Security Breach Response Plan: Detailed procedures for handling and reporting security breaches
Authors
Relevant legal definitions
Clauses
Relevant Industries
Technology and Software
Cloud Services
Healthcare
Financial Services
Education
Retail
Professional Services
Manufacturing
Telecommunications
Public Sector
Insurance
Human Resources
Marketing and Advertising
Research and Development
Consulting
Relevant Teams
Legal
Privacy
Information Security
Compliance
IT
Risk Management
Procurement
Operations
Information Governance
Data Protection
Vendor Management
Relevant Roles
Data Protection Officer
Privacy Officer
Legal Counsel
Compliance Manager
Information Security Manager
IT Director
Chief Technology Officer
Chief Information Security Officer
Risk Manager
Procurement Manager
Contract Manager
Privacy Lawyer
Data Protection Specialist
Information Governance Manager
Operations Director
Chief Legal Officer
Data Protection Consultant
Find the exact document you need
Joint Controller Agreement
A Danish law-governed agreement establishing responsibilities between joint controllers under GDPR Article 26 for shared data processing activities.
find out more
DPA Contract
Danish law-governed Data Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.
find out more
DPA Addendum
A Danish law-compliant Data Processing Agreement Addendum that establishes GDPR-aligned terms for personal data processing activities.
find out more
Data Processing Addendum DPA
A Danish law-compliant Data Processing Addendum establishing terms for personal data processing between controller and processor, ensuring GDPR and Danish Data Protection Act compliance.
find out more
Controller To Controller Data Processing Agreement
Danish law-governed agreement between two independent data controllers for sharing personal data in compliance with GDPR and Danish data protection requirements.
find out more
Data Controller To Data Controller Agreement
A Danish law-governed agreement establishing terms for personal data sharing between two independent data controllers under GDPR and Danish data protection requirements.
find out more
Intercompany Data Processing Agreement
Danish law-governed agreement regulating intra-group personal data processing activities in compliance with GDPR and Danish data protection requirements.
find out more
Controller To Controller DPA
Danish law-governed Controller-to-Controller DPA establishing framework for GDPR-compliant data sharing between independent controllers.
find out more
DPA Agreement
A Danish law-governed Data Processing Agreement establishing data handling obligations between controller and processor under GDPR and Danish data protection requirements.
find out more
Data Transfer Addendum
Danish law-governed addendum for ensuring GDPR-compliant personal data transfers between organizations, incorporating Danish and EU data protection requirements.
find out more
Controller Processor Agreement
A Danish law-governed agreement establishing data processing terms between a data controller and processor, ensuring GDPR compliance and following Danish regulatory requirements.
find out more
Sub Processing Agreement
A Danish law-governed agreement establishing terms for sub-processor's personal data processing activities, ensuring GDPR and local law compliance.
find out more
International Data Transfer Agreement
Danish law-governed International Data Transfer Agreement for compliant transfer of personal data from Denmark to non-EEA countries.
find out more
Data Protection Addendum
Danish law-governed Data Protection Addendum ensuring GDPR compliance and establishing data processing obligations between controller and processor.
find out more
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a 拢1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.