Data Protection Addendum

Data Protection Addendum Template for Denmark

Create a bespoke document in minutes, or upload and review your own.

4.6 / 5

4.8 / 5

Let's create your Data Protection Addendum

1. Select your governing law and document type:

2. Enter your key requirements:

3. Create your document to edit, review or download

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Document background

A Data Protection Addendum (DPA) is a mandatory legal document required under both EU GDPR and Danish data protection law whenever a company (controller) engages another party (processor) to process personal data on its behalf. This document supplements the main service agreement between parties and specifically addresses data protection obligations. It must comply with Article 28 of the GDPR and additional requirements under the Danish Data Protection Act. The DPA includes essential provisions regarding data security measures, breach notifications, sub-processor appointments, and international data transfers. It's particularly crucial in the Danish context as it must address specific local regulatory requirements while maintaining alignment with broader EU data protection principles.

Suggested Sections

1. Parties: Identification of the data controller and data processor, including full legal names and registration details

2. Background: Context of the relationship between parties and reference to the main service agreement this DPA supplements

3. Definitions: Key terms used in the DPA, including those from GDPR and Danish Data Protection Act

4. Scope and Purpose: Details of the types of personal data being processed and the purposes of processing

5. Duration: Term of the DPA, typically linked to the main agreement's duration

6. Nature and Purpose of Processing: Detailed description of how and why the data will be processed

7. Processor Obligations: Core obligations of the processor under GDPR Article 28 and Danish law

8. Sub-processing: Conditions and requirements for engaging sub-processors

9. Technical and Organizational Measures: Security measures required to protect personal data

10. Data Subject Rights: Processor's obligations to assist with data subject requests

11. Personal Data Breach: Notification requirements and procedures for handling data breaches

12. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance

13. Return or Deletion of Data: Requirements for data handling upon agreement termination

14. Liability and Indemnification: Allocation of responsibilities and liabilities between parties

15. Governing Law and Jurisdiction: Specification of Danish law as governing law and jurisdiction

Optional Sections

1. International Data Transfers: Required when personal data will be transferred outside the EEA, incorporating EU SCCs

2. Special Categories of Data: Additional requirements when processing sensitive personal data under Article 9 GDPR

3. Data Protection Impact Assessment: Specific obligations when processing requires a DPIA under Danish law

4. Joint Controller Provisions: Required when the relationship includes elements of joint controllership

5. Insurance Requirements: Specific insurance obligations for high-risk processing activities

6. Processor Personnel: Detailed requirements for staff training and confidentiality when specific personnel requirements apply

Suggested Schedules

1. Schedule 1 - Details of Processing: Detailed matrix of data categories, processing purposes, retention periods, and data subjects

2. Schedule 2 - Technical and Organizational Measures: Detailed security measures implemented by the processor

3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Applicable Standard Contractual Clauses or other transfer mechanisms if required

5. Schedule 5 - Security Breach Response Plan: Detailed procedures for handling and reporting data breaches

6. Schedule 6 - Audit Requirements: Specific procedures and requirements for conducting compliance audits

Authors

Relevant legal definitions

Clauses

Relevant Industries

Relevant Teams

Relevant Roles

Find the exact document you need

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.

Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: /our-research

Oops! Something went wrong while submitting the form.

�ұ�Ծ��’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; �ұ�Ծ��’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our for more details and real-time security updates.

Read our Privacy Policy.

��������Ƶ

How a Sales & Marketing Lead uses ��������Ƶ to reduce contract drafting time by 95%

Let's create your Data Protection Addendum

Authors

Find the exact document you need

Joint Controller Agreement

DPA Contract

DPA Addendum

Data Processing Addendum DPA

Controller To Controller Data Processing Agreement

Data Controller To Data Controller Agreement

Intercompany Data Processing Agreement

Controller To Controller DPA

DPA Agreement

Data Transfer Addendum

Controller Processor Agreement

Sub Processing Agreement

International Data Transfer Agreement