Denmark
Legal Templates
DPA Addendum

DPA Addendum Template for Denmark

Create a bespoke document in minutes, or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your DPA Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

DPA Addendum

I need a DPA Addendum for our cloud services company acting as a processor, with provisions for international data transfers to the US and the ability to add sub-processors, to be effective from March 2025.

Celebrated by
Collaborations with
Investors

What is a DPA Addendum?

This DPA Addendum is essential for organizations engaged in personal data processing activities under Danish jurisdiction. It should be used whenever a service provider (data processor) processes personal data on behalf of another organization (data controller). The document supplements existing service agreements to ensure GDPR compliance and alignment with Danish data protection requirements. The addendum includes crucial provisions on processing obligations, security measures, breach notification procedures, and international data transfers. It's particularly important for Danish companies or those processing data of Danish residents, as it incorporates specific requirements from both the GDPR and Danish Data Protection Act. The document should be reviewed and updated periodically to reflect changes in data protection laws and processing activities.

What sections should be included in a DPA Addendum?

1. Parties: Identification of the data controller and data processor, including full legal names and registration details

2. Background: Context of the DPA Addendum, referring to the main agreement it supplements and the nature of data processing relationship

3. Definitions: Key terms used in the agreement, including those from GDPR and additional contract-specific definitions

4. Scope and Purpose: Defines the scope of data processing activities covered and their specific purposes

5. Data Processor Obligations: Core obligations of the data processor under GDPR Article 28, including processing only on documented instructions

6. Technical and Organizational Measures: Security measures implemented to ensure appropriate level of data protection

7. Sub-processors: Rules and procedures for engaging sub-processors, including authorization requirements

8. International Transfers: Requirements and safeguards for transfers of personal data outside the EU/EEA

9. Data Subject Rights: Processor's obligations to assist controller in responding to data subject requests

10. Personal Data Breach: Notification requirements and procedures in case of data breaches

11. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance

12. Term and Termination: Duration of the DPA and conditions for termination

13. Return or Deletion of Data: Obligations regarding personal data upon termination of services

What sections are optional to include in a DPA Addendum?

1. Specific Processing Instructions: Detailed processing instructions when the processing activities are complex or require specific procedures

2. Industry-Specific Requirements: Additional requirements for specific sectors (e.g., healthcare, financial services)

3. Data Protection Impact Assessments: Specific obligations regarding DPIAs when processing is likely to result in high risk

4. Joint Controller Provisions: Additional provisions when the relationship involves joint controllership

5. Insurance Requirements: Specific insurance obligations for data protection

6. Compensation and Liability: Specific provisions on liability allocation and compensation beyond standard terms

What schedules should be included in a DPA Addendum?

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes

2. Schedule 2 - Technical and Organizational Measures: Detailed description of security measures implemented by the processor

3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Details of transfer mechanisms used for international data transfers

5. Schedule 5 - Contact Points: List of key contacts for data protection matters, breach notification, and general communication

6. Schedule 6 - Standard Contractual Clauses: EU Standard Contractual Clauses if applicable for international transfers

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Law
Authorized Sub-processor
Controller
Data Protection Impact Assessment
Data Subject
Data Subject Rights
Danish Data Protection Act
EEA
EU Standard Contractual Clauses
GDPR
International Transfer
Main Agreement
Personal Data
Personal Data Breach
Processing
Processor
Processing Instructions
Restricted Transfer
Services
Special Categories of Personal Data
Sub-processor
Supervisory Authority
Technical and Organizational Measures
Term
Third Country
Transfer Mechanism
Relevant Industries

Technology

Healthcare

Financial Services

Retail

Education

Professional Services

Manufacturing

Telecommunications

Insurance

E-commerce

Consulting

Cloud Services

Marketing Services

Human Resources

Research and Development

Relevant Teams

Legal

Compliance

Information Security

IT

Privacy

Risk Management

Operations

Procurement

Data Protection

Information Governance

Vendor Management

Contract Management

Relevant Roles

Data Protection Officer

Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

IT Director

Chief Technology Officer

Chief Information Security Officer

Privacy Manager

Contract Manager

Risk Manager

Operations Director

Project Manager

Procurement Manager

General Counsel

Chief Legal Officer

Industries
General Data Protection Regulation (GDPR): EU Regulation 2016/679 that sets the main framework for data protection across the EU, including requirements for data processing agreements
Danish Data Protection Act: Act No. 502 of 23 May 2018 (Databeskyttelsesloven) - Danish national law implementing GDPR and providing additional data protection requirements
Danish Contracts Act: Danish legislation (Aftaleloven) governing the formation and validity of contracts, relevant for the contractual aspects of the DPA
Danish Executive Order on Data Protection: Executive Order providing specific rules on the processing of personal data in Denmark, complementing the Data Protection Act
Danish Financial Business Act: If applicable to financial sector, contains specific provisions about data processing in financial institutions
Danish Marketing Practices Act: Relevant if the data processing involves marketing activities, containing provisions about data processing for marketing purposes
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Agreement

A Danish law-governed agreement establishing responsibilities between joint controllers under GDPR Article 26 for shared data processing activities.

find out more

DPA Contract

Danish law-governed Data Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.

find out more

DPA Addendum

A Danish law-compliant Data Processing Agreement Addendum that establishes GDPR-aligned terms for personal data processing activities.

find out more

Data Processing Addendum DPA

A Danish law-compliant Data Processing Addendum establishing terms for personal data processing between controller and processor, ensuring GDPR and Danish Data Protection Act compliance.

find out more

Controller To Controller Data Processing Agreement

Danish law-governed agreement between two independent data controllers for sharing personal data in compliance with GDPR and Danish data protection requirements.

find out more

Data Controller To Data Controller Agreement

A Danish law-governed agreement establishing terms for personal data sharing between two independent data controllers under GDPR and Danish data protection requirements.

find out more

Intercompany Data Processing Agreement

Danish law-governed agreement regulating intra-group personal data processing activities in compliance with GDPR and Danish data protection requirements.

find out more

Controller To Controller DPA

Danish law-governed Controller-to-Controller DPA establishing framework for GDPR-compliant data sharing between independent controllers.

find out more

DPA Agreement

A Danish law-governed Data Processing Agreement establishing data handling obligations between controller and processor under GDPR and Danish data protection requirements.

find out more

Data Transfer Addendum

Danish law-governed addendum for ensuring GDPR-compliant personal data transfers between organizations, incorporating Danish and EU data protection requirements.

find out more

Controller Processor Agreement

A Danish law-governed agreement establishing data processing terms between a data controller and processor, ensuring GDPR compliance and following Danish regulatory requirements.

find out more

Sub Processing Agreement

A Danish law-governed agreement establishing terms for sub-processor's personal data processing activities, ensuring GDPR and local law compliance.

find out more

International Data Transfer Agreement

Danish law-governed International Data Transfer Agreement for compliant transfer of personal data from Denmark to non-EEA countries.

find out more

Data Protection Addendum

Danish law-governed Data Protection Addendum ensuring GDPR compliance and establishing data processing obligations between controller and processor.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.