A Data Protection Addendum (DPA) is a mandatory legal document required under both EU GDPR and Danish data protection law whenever a company (controller) engages another party (processor) to process personal data on its behalf. This document supplements the main service agreement between parties and specifically addresses data protection obligations. It must comply with Article 28 of the GDPR and additional requirements under the Danish Data Protection Act. The DPA includes essential provisions regarding data security measures, breach notifications, sub-processor appointments, and international data transfers. It's particularly crucial in the Danish context as it must address specific local regulatory requirements while maintaining alignment with broader EU data protection principles.
Create a bespoke document in minutes, or upload and review your own.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership聽of your information
Key Requirements PROMPT example:
Data Protection Addendum
I need a Data Protection Addendum governed by Danish law for a SaaS provider who will process customer health data and transfer it to servers in India, with the agreement starting January 2025 and requiring specific provisions for sensitive data handling and international transfers.
1. Parties: Identification of the data controller and data processor, including full legal names and registration details
2. Background: Context of the relationship between parties and reference to the main service agreement this DPA supplements
3. Definitions: Key terms used in the DPA, including those from GDPR and Danish Data Protection Act
4. Scope and Purpose: Details of the types of personal data being processed and the purposes of processing
5. Duration: Term of the DPA, typically linked to the main agreement's duration
6. Nature and Purpose of Processing: Detailed description of how and why the data will be processed
7. Processor Obligations: Core obligations of the processor under GDPR Article 28 and Danish law
8. Sub-processing: Conditions and requirements for engaging sub-processors
9. Technical and Organizational Measures: Security measures required to protect personal data
10. Data Subject Rights: Processor's obligations to assist with data subject requests
11. Personal Data Breach: Notification requirements and procedures for handling data breaches
12. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance
13. Return or Deletion of Data: Requirements for data handling upon agreement termination
14. Liability and Indemnification: Allocation of responsibilities and liabilities between parties
15. Governing Law and Jurisdiction: Specification of Danish law as governing law and jurisdiction
1. International Data Transfers: Required when personal data will be transferred outside the EEA, incorporating EU SCCs
2. Special Categories of Data: Additional requirements when processing sensitive personal data under Article 9 GDPR
3. Data Protection Impact Assessment: Specific obligations when processing requires a DPIA under Danish law
4. Joint Controller Provisions: Required when the relationship includes elements of joint controllership
5. Insurance Requirements: Specific insurance obligations for high-risk processing activities
6. Processor Personnel: Detailed requirements for staff training and confidentiality when specific personnel requirements apply
1. Schedule 1 - Details of Processing: Detailed matrix of data categories, processing purposes, retention periods, and data subjects
2. Schedule 2 - Technical and Organizational Measures: Detailed security measures implemented by the processor
3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: Applicable Standard Contractual Clauses or other transfer mechanisms if required
5. Schedule 5 - Security Breach Response Plan: Detailed procedures for handling and reporting data breaches
6. Schedule 6 - Audit Requirements: Specific procedures and requirements for conducting compliance audits
Authors
Relevant legal definitions
Clauses
Relevant Industries
Technology and Software
Healthcare and Medical Services
Financial Services
Professional Services
E-commerce and Retail
Education
Telecommunications
Insurance
Human Resources and Recruitment
Marketing and Advertising
Research and Development
Public Sector
Manufacturing
Logistics and Transportation
Consulting Services
Relevant Teams
Legal
Compliance
Information Security
IT
Privacy
Risk Management
Procurement
Operations
Data Protection
Vendor Management
Commercial
Information Technology
Corporate Governance
Relevant Roles
Data Protection Officer
Privacy Counsel
Legal Counsel
Compliance Manager
Information Security Officer
Privacy Manager
Contract Manager
IT Director
Chief Technology Officer
Chief Information Security Officer
Risk Manager
Operations Director
Procurement Manager
Project Manager
Chief Legal Officer
Data Protection Specialist
Vendor Manager
Commercial Director
Find the exact document you need
Joint Controller Agreement
A Danish law-governed agreement establishing responsibilities between joint controllers under GDPR Article 26 for shared data processing activities.
find out more
DPA Contract
Danish law-governed Data Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.
find out more
DPA Addendum
A Danish law-compliant Data Processing Agreement Addendum that establishes GDPR-aligned terms for personal data processing activities.
find out more
Data Processing Addendum DPA
A Danish law-compliant Data Processing Addendum establishing terms for personal data processing between controller and processor, ensuring GDPR and Danish Data Protection Act compliance.
find out more
Controller To Controller Data Processing Agreement
Danish law-governed agreement between two independent data controllers for sharing personal data in compliance with GDPR and Danish data protection requirements.
find out more
Data Controller To Data Controller Agreement
A Danish law-governed agreement establishing terms for personal data sharing between two independent data controllers under GDPR and Danish data protection requirements.
find out more
Intercompany Data Processing Agreement
Danish law-governed agreement regulating intra-group personal data processing activities in compliance with GDPR and Danish data protection requirements.
find out more
Controller To Controller DPA
Danish law-governed Controller-to-Controller DPA establishing framework for GDPR-compliant data sharing between independent controllers.
find out more
DPA Agreement
A Danish law-governed Data Processing Agreement establishing data handling obligations between controller and processor under GDPR and Danish data protection requirements.
find out more
Data Transfer Addendum
Danish law-governed addendum for ensuring GDPR-compliant personal data transfers between organizations, incorporating Danish and EU data protection requirements.
find out more
Controller Processor Agreement
A Danish law-governed agreement establishing data processing terms between a data controller and processor, ensuring GDPR compliance and following Danish regulatory requirements.
find out more
Sub Processing Agreement
A Danish law-governed agreement establishing terms for sub-processor's personal data processing activities, ensuring GDPR and local law compliance.
find out more
International Data Transfer Agreement
Danish law-governed International Data Transfer Agreement for compliant transfer of personal data from Denmark to non-EEA countries.
find out more
Data Protection Addendum
Danish law-governed Data Protection Addendum ensuring GDPR compliance and establishing data processing obligations between controller and processor.
find out more
Download our whitepaper on the future of AI in Legal
By providing your email address you are consenting to our Privacy Notice.
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a 拢1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.