Denmark
Legal Templates
Intercompany Data Processing Agreement

Intercompany Data Processing Agreement Template for Denmark

Create a bespoke document in minutes, or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Intercompany Data Processing Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Intercompany Data Processing Agreement

I need an Intercompany Data Processing Agreement under Danish law for our pharmaceutical company's Danish headquarters to process HR data for all European subsidiaries, with implementation planned for March 2025 and including specific provisions for handling sensitive health data.

Celebrated by
Collaborations with
Investors

What is a Intercompany Data Processing Agreement?

An Intercompany Data Processing Agreement is essential when personal data is processed between different entities within the same corporate group under Danish jurisdiction. This document is required to comply with Article 28 of the GDPR and the Danish Data Protection Act, ensuring proper documentation of data processing activities between group entities. It should be used whenever one group entity processes personal data on behalf of another group entity, establishing clear controller-processor relationships. The agreement includes specific provisions required by Danish law, details of processing activities, security measures, and compliance requirements. It is particularly important for multinational organizations with Danish operations or companies subject to Danish data protection regulations, as it helps demonstrate compliance with legal requirements while maintaining efficient intra-group data flows.

What sections should be included in a Intercompany Data Processing Agreement?

1. Parties: Identification of the data controller and data processor entities within the company group

2. Background: Context of the agreement and the relationship between the group entities

3. Definitions: Key terms used in the agreement, including GDPR-specific terminology

4. Scope and Purpose: Details of the processing activities covered by the agreement

5. Duration: Term of the agreement and conditions for termination

6. Nature and Purpose of Processing: Detailed description of why and how personal data will be processed

7. Types of Personal Data and Categories of Data Subjects: Specification of the personal data types and individuals affected

8. Obligations of the Data Controller: Responsibilities and duties of the controlling entity

9. Obligations of the Data Processor: Processor's commitments including security, confidentiality, and assistance requirements

10. Sub-processing: Conditions and requirements for engaging sub-processors

11. Security of Processing: Technical and organizational security measures

12. Data Subject Rights: Procedures for handling data subject requests

13. Personal Data Breaches: Breach notification and management procedures

14. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance

15. Return or Deletion of Data: Procedures for data handling upon agreement termination

16. Liability and Indemnification: Allocation of responsibilities and liability between parties

17. Governing Law and Jurisdiction: Specification of Danish law application and jurisdiction

What sections are optional to include in a Intercompany Data Processing Agreement?

1. International Data Transfers: Required when personal data will be transferred outside the EU/EEA

2. Group-Wide Governance: Needed for establishing common compliance standards across multiple group entities

3. Cost Allocation: Include when there are specific charging arrangements between group entities

4. Insurance Requirements: Specific insurance obligations for high-risk processing activities

5. Business Continuity: Required for critical processing operations requiring specific continuity measures

6. Exit Management: Detailed transition provisions for complex processing arrangements

What schedules should be included in a Intercompany Data Processing Agreement?

1. Schedule 1 - Processing Activities: Detailed matrix of processing activities, purposes, data types, and data subjects

2. Schedule 2 - Technical and Organizational Measures: Detailed security measures and controls implemented

3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Details of transfer mechanisms for international data transfers if applicable

5. Schedule 5 - Security Breach Response Plan: Detailed procedures for handling personal data breaches

6. Appendix A - Contact Points: Key contacts for operational, technical and legal matters

7. Appendix B - Audit Procedures: Detailed procedures for conducting compliance audits

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Authorized Persons
Business Day
Business Hours
Confidential Information
Controller
Data Protection Impact Assessment
Data Protection Laws
Data Subject
Data Subject Request
Danish Data Protection Act
EEA
EU Standard Contractual Clauses
GDPR
Group
Group Entity
Information Security Incident
International Transfer
Member State
Personal Data
Personal Data Breach
Processing
Processor
Restricted Transfer
Security Measures
Services
Special Categories of Personal Data
Sub-processor
Supervisory Authority
Technical and Organizational Measures
Term
Third Country
Transfer Mechanism
Clauses
Interpretations and Definitions
Scope and Purpose
Duration and Termination
Processing Obligations
Data Security
Confidentiality
Sub-processing
Data Subject Rights
Personal Data Breaches
Data Protection Impact Assessments
International Transfers
Audit Rights
Assistance and Cooperation
Return or Deletion of Data
Liability and Indemnification
Insurance
Force Majeure
Assignment and Novation
Notices
Severability
Entire Agreement
Variation
Waiver
Third Party Rights
Counterparts
Governing Law and Jurisdiction
Relevant Industries

Financial Services

Healthcare

Technology

Manufacturing

Retail

Professional Services

Telecommunications

Energy

Transportation

Pharmaceuticals

Insurance

Banking

E-commerce

Education

Real Estate

Relevant Teams

Legal

Compliance

Data Protection

Information Security

Risk Management

IT Security

Corporate Governance

Regulatory Affairs

Privacy Office

Information Technology

Internal Audit

Relevant Roles

Data Protection Officer

Privacy Manager

Legal Counsel

Compliance Officer

Information Security Manager

Chief Legal Officer

Chief Privacy Officer

Chief Information Security Officer

Group Data Protection Manager

Corporate Counsel

IT Security Manager

Risk Manager

Regulatory Compliance Manager

Head of Legal

Head of Compliance

Privacy Counsel

General Counsel

Industries
General Data Protection Regulation (GDPR): EU Regulation 2016/679 - The primary legislation governing personal data processing in the EU, setting out requirements for data processing agreements and data protection principles
Danish Data Protection Act: Act No. 502 of 23 May 2018 - Denmark's national implementation of GDPR, providing specific national requirements for data processing
Danish Contracts Act: Consolidated Act No. 193 of 2 March 2016 - Provides the legal framework for contract formation and validity under Danish law
EDPB Guidelines on Data Processing Agreements: Guidelines from the European Data Protection Board specifying requirements for Article 28 GDPR compliance in data processing agreements
Danish Administration of Justice Act: Relevant for dispute resolution provisions and jurisdiction clauses under Danish law
EU Standard Contractual Clauses (SCCs): Commission Implementing Decision (EU) 2021/914 - Required if data transfers outside EU/EEA are contemplated
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Agreement

A Danish law-governed agreement establishing responsibilities between joint controllers under GDPR Article 26 for shared data processing activities.

find out more

DPA Contract

Danish law-governed Data Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.

find out more

DPA Addendum

A Danish law-compliant Data Processing Agreement Addendum that establishes GDPR-aligned terms for personal data processing activities.

find out more

Data Processing Addendum DPA

A Danish law-compliant Data Processing Addendum establishing terms for personal data processing between controller and processor, ensuring GDPR and Danish Data Protection Act compliance.

find out more

Controller To Controller Data Processing Agreement

Danish law-governed agreement between two independent data controllers for sharing personal data in compliance with GDPR and Danish data protection requirements.

find out more

Data Controller To Data Controller Agreement

A Danish law-governed agreement establishing terms for personal data sharing between two independent data controllers under GDPR and Danish data protection requirements.

find out more

Intercompany Data Processing Agreement

Danish law-governed agreement regulating intra-group personal data processing activities in compliance with GDPR and Danish data protection requirements.

find out more

Controller To Controller DPA

Danish law-governed Controller-to-Controller DPA establishing framework for GDPR-compliant data sharing between independent controllers.

find out more

DPA Agreement

A Danish law-governed Data Processing Agreement establishing data handling obligations between controller and processor under GDPR and Danish data protection requirements.

find out more

Data Transfer Addendum

Danish law-governed addendum for ensuring GDPR-compliant personal data transfers between organizations, incorporating Danish and EU data protection requirements.

find out more

Controller Processor Agreement

A Danish law-governed agreement establishing data processing terms between a data controller and processor, ensuring GDPR compliance and following Danish regulatory requirements.

find out more

Sub Processing Agreement

A Danish law-governed agreement establishing terms for sub-processor's personal data processing activities, ensuring GDPR and local law compliance.

find out more

International Data Transfer Agreement

Danish law-governed International Data Transfer Agreement for compliant transfer of personal data from Denmark to non-EEA countries.

find out more

Data Protection Addendum

Danish law-governed Data Protection Addendum ensuring GDPR compliance and establishing data processing obligations between controller and processor.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.