Legal Templates
Controller To Controller DPA

Controller To Controller DPA Template for Denmark

Create a bespoke document in minutes, or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Controller To Controller DPA

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Controller To Controller DPA

I need a Controller to Controller DPA under Danish law for sharing customer analytics data between our Danish fintech company and a German marketing analytics provider, with specific provisions for cross-border transfers and special categories of personal data to be implemented by March 2025.

Celebrated by
Collaborations with
Investors

What is a Controller To Controller DPA?

This Controller to Controller DPA is essential when two organizations, each acting as independent data controllers under GDPR, need to share personal data in Denmark or across the EU. The document is specifically designed to comply with Danish data protection law and GDPR requirements, providing a robust framework for data sharing arrangements. It should be used whenever organizations need to establish clear protocols for sharing personal data while maintaining their independent controller status. The agreement covers crucial aspects such as security measures, data subject rights, breach notification procedures, and compliance responsibilities, ensuring both parties understand and can meet their obligations under Danish and EU data protection law. This document is particularly important for organizations that regularly exchange personal data as part of their business operations or collaborative projects.

What sections should be included in a Controller To Controller DPA?

1. Parties: Identification of the data controllers entering into the agreement, including their registered addresses and contact details

2. Background: Context of the data sharing relationship and purpose of the agreement

3. Definitions: Key terms used in the agreement, aligned with GDPR definitions and any additional specific terms

4. Scope and Purpose: Detailed description of the data sharing activities and their legitimate purposes

5. Roles and Responsibilities: Clear delineation of each controller's obligations and responsibilities

6. Categories of Data and Data Subjects: Specification of personal data types being shared and categories of data subjects

7. Legal Basis for Processing: Identification of the legal grounds under GDPR for the data sharing

8. Data Protection Principles: Commitment to GDPR principles and how they will be upheld

9. Security Measures: Technical and organizational measures for data protection

10. Data Subject Rights: Procedures for handling data subject requests and ensuring rights are respected

11. Personal Data Breaches: Notification requirements and procedures for handling data breaches

12. Term and Termination: Duration of the agreement and conditions for termination

13. Governing Law and Jurisdiction: Specification of Danish law as governing law and jurisdiction for disputes

What sections are optional to include in a Controller To Controller DPA?

1. International Transfers: Required when personal data will be transferred outside the EEA, including appropriate safeguards

2. Special Categories of Data: Additional provisions when processing special categories of personal data under Article 9 GDPR

3. Sub-processing: Terms governing the use of sub-processors by either controller

4. Joint Processing Activities: Required when controllers jointly determine purposes and means of specific processing activities

5. Liability and Indemnification: Detailed provisions on allocation of liability between controllers

6. Insurance Requirements: Specific insurance obligations for data protection risks

7. Audit Rights: Provisions for mutual auditing of data protection compliance

What schedules should be included in a Controller To Controller DPA?

1. Schedule 1 - Data Processing Details: Detailed description of data types, processing purposes, and data subject categories

2. Schedule 2 - Technical and Organizational Measures: Detailed security measures implemented by both controllers

3. Schedule 3 - Contact Points and Escalation Procedure: Key contacts and procedures for operational matters and emergencies

4. Schedule 4 - Data Transfer Mechanisms: Details of transfer mechanisms where international transfers occur

5. Schedule 5 - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches

6. Appendix A - Standard Forms: Template forms for data subject requests, breach notifications, and other standard communications

7. Appendix B - Compliance Checklist: Checklist for ongoing compliance monitoring and documentation

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Law
Business Day
Controller
Danish Data Protection Act
Data Protection Impact Assessment
Data Subject
Data Subject Rights
EEA
Effective Date
EU Standard Contractual Clauses
GDPR
Information Security Incident
Joint Processing Activities
Personal Data
Personal Data Breach
Processing
Processor
Recipient
Regulatory Authority
Representatives
Restricted Transfer
Security Measures
Shared Personal Data
Special Categories of Personal Data
Sub-processor
Supervisory Authority
Technical and Organizational Measures
Term
Third Party
Transfer Mechanisms
Relevant Industries

Financial Services

Healthcare

Insurance

Technology

Telecommunications

Professional Services

Education

Retail

Manufacturing

Research and Development

Government and Public Sector

Consulting Services

Relevant Teams

Legal

Compliance

Information Security

Data Protection

Risk Management

Information Technology

Privacy

Operations

Commercial

Procurement

Relevant Roles

Data Protection Officer

Chief Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

Risk Manager

IT Director

Chief Information Officer

Privacy Manager

Data Protection Manager

Commercial Director

Chief Legal Officer

Contract Manager

Chief Technology Officer

Operations Director

Industries
General Data Protection Regulation (GDPR): The primary EU regulation governing personal data processing, particularly Articles 26 (Joint Controllers), 28 (Processor relationships), and Chapter V (International transfers)
Danish Data Protection Act (Databeskyttelsesloven): The national law implementing and supplementing GDPR in Denmark, providing specific requirements for data processing in the Danish context
EU Standard Contractual Clauses (SCCs) for International Transfers: Required if any data transfer occurs outside the EEA, providing safeguards for international data transfers between controllers
European Data Protection Board Guidelines on Controller and Processor: Guidelines providing interpretation of controller-to-controller relationships and responsibilities under GDPR
Danish Data Protection Authority Guidelines: Specific guidance from Datatilsynet (Danish DPA) on implementing data protection requirements in Denmark
EU ePrivacy Directive (as implemented in Danish law): Relevant if the data sharing involves electronic communications data or cookie information
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Agreement

A Danish law-governed agreement establishing responsibilities between joint controllers under GDPR Article 26 for shared data processing activities.

find out more

DPA Contract

Danish law-governed Data Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.

find out more

DPA Addendum

A Danish law-compliant Data Processing Agreement Addendum that establishes GDPR-aligned terms for personal data processing activities.

find out more

Data Processing Addendum DPA

A Danish law-compliant Data Processing Addendum establishing terms for personal data processing between controller and processor, ensuring GDPR and Danish Data Protection Act compliance.

find out more

Controller To Controller Data Processing Agreement

Danish law-governed agreement between two independent data controllers for sharing personal data in compliance with GDPR and Danish data protection requirements.

find out more

Data Controller To Data Controller Agreement

A Danish law-governed agreement establishing terms for personal data sharing between two independent data controllers under GDPR and Danish data protection requirements.

find out more

Intercompany Data Processing Agreement

Danish law-governed agreement regulating intra-group personal data processing activities in compliance with GDPR and Danish data protection requirements.

find out more

Controller To Controller DPA

Danish law-governed Controller-to-Controller DPA establishing framework for GDPR-compliant data sharing between independent controllers.

find out more

DPA Agreement

A Danish law-governed Data Processing Agreement establishing data handling obligations between controller and processor under GDPR and Danish data protection requirements.

find out more

Data Transfer Addendum

Danish law-governed addendum for ensuring GDPR-compliant personal data transfers between organizations, incorporating Danish and EU data protection requirements.

find out more

Controller Processor Agreement

A Danish law-governed agreement establishing data processing terms between a data controller and processor, ensuring GDPR compliance and following Danish regulatory requirements.

find out more

Sub Processing Agreement

A Danish law-governed agreement establishing terms for sub-processor's personal data processing activities, ensuring GDPR and local law compliance.

find out more

International Data Transfer Agreement

Danish law-governed International Data Transfer Agreement for compliant transfer of personal data from Denmark to non-EEA countries.

find out more

Data Protection Addendum

Danish law-governed Data Protection Addendum ensuring GDPR compliance and establishing data processing obligations between controller and processor.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.