All Countries
Compliance
Supplier Data Processing Agreement

Supplier Data Processing Agreement Template for Denmark

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Supplier Data Processing Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Supplier Data Processing Agreement

Celebrated by
Collaborations with
Investors
Document background
The Supplier Data Processing Agreement is a mandatory legal document required under Article 28 of the GDPR and Danish data protection law whenever a company (controller) engages a supplier (processor) to process personal data on its behalf. This document is essential for establishing clear responsibilities and obligations regarding data protection, security measures, and compliance requirements. It should be put in place before any data processing begins and must reflect specific Danish legal requirements while ensuring broader EU GDPR compliance. The agreement typically accompanies a main service agreement and includes detailed schedules specifying the nature of data processing activities, security measures, and approved sub-processors. It's particularly crucial in the Danish business context where data protection authorities actively enforce compliance and where businesses must demonstrate accountability in their data processing relationships.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including full legal names, registration numbers, and addresses

2. Background: Context of the relationship, reference to main service agreement, and purpose of this DPA

3. Definitions: Key terms used in the agreement, including GDPR-specific terminology and agreement-specific definitions

4. Scope and Purpose: Details of the data processing activities, categories of data subjects and personal data

5. Controller's Instructions: Explicit instructions for processing, including permitted activities and restrictions

6. Processor Obligations: Core obligations including confidentiality, security measures, and assistance requirements

7. Sub-processors: Rules for engaging sub-processors, including approval process and obligations

8. Data Subject Rights: Processor's obligations to assist with data subject requests

9. Personal Data Breaches: Breach notification requirements and response procedures

10. Data Protection Impact Assessments: Obligations to assist with DPIAs and prior consultations

11. Audit Rights: Controller's audit rights and processor's obligations to demonstrate compliance

12. International Transfers: Rules for transferring personal data outside the EU/EEA

13. Confidentiality: Confidentiality obligations for processed data and agreement terms

14. Term and Termination: Duration of the agreement and termination provisions

15. Return or Deletion of Data: Obligations regarding personal data upon agreement termination

16. Liability and Indemnification: Allocation of liability and indemnification obligations

17. Governing Law and Jurisdiction: Specification of Danish law and jurisdiction for disputes

Optional Sections

1. Insurance Requirements: Specific insurance obligations for the processor - include when dealing with high-risk processing or sensitive data

2. Force Majeure: Provisions for extraordinary circumstances - include for long-term or critical processing relationships

3. Business Continuity: Business continuity and disaster recovery requirements - include for critical processing operations

4. Specific Security Requirements: Additional security measures beyond standard requirements - include for sensitive data processing

5. Joint Controller Provisions: Provisions for scenarios where parties act as joint controllers - include when applicable

6. Special Categories of Data: Additional provisions for processing sensitive data - include when processing special categories of personal data

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes

2. Schedule 2 - Technical and Organizational Measures: Detailed description of security measures implemented by the processor

3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Details of mechanisms for international data transfers (if applicable)

5. Appendix A - Contact Points: Key contacts for both parties for operational and emergency matters

6. Appendix B - Standard Forms: Standard forms for sub-processor approval, data breach notification, and audit requests

Authors

Linkedin in social icon imageX social icon image
Relevant legal definitions
Agreement
Applicable Data Protection Law
Business Day
Controller
Data Subject
Danish Data Protection Act
Data Protection Impact Assessment
EEA
EU Standard Contractual Clauses
GDPR
Group
International Transfer
Main Agreement
Personal Data
Personal Data Breach
Processing
Processor
Protected Data
Representatives
Security Measures
Services
Special Categories of Personal Data
Sub-processor
Supervisory Authority
Technical and Organizational Measures
Term
Third Country
Working Day
Written Notice
Controller Instructions
Confidential Information
Approved Sub-processor List
Authorized Persons
Data Protection Officer
Processing Instructions
Processing Location
Security Requirements
Transfer Mechanism
Relevant Industries
Relevant Teams
Relevant Roles
Industries
General Data Protection Regulation (GDPR): The EU's fundamental data protection law that sets requirements for processing personal data, including specific provisions for data processing agreements (Article 28)
Danish Data Protection Act (Databeskyttelsesloven): The Danish implementation of GDPR that provides additional national requirements for data processing and protection
Danish Contracts Act (Aftaleloven): Provides the legal framework for contract formation and validity in Denmark, essential for the agreement's enforceability
Danish Administration of Justice Act (Retsplejeloven): Relevant for dispute resolution provisions and enforcement of contractual obligations in Denmark
Danish Marketing Practices Act (Markedsføringsloven): May be relevant if the data processing involves marketing activities or business communications
Danish Business Authority Guidelines: Regulatory guidelines for business operations and data processing in Denmark
Danish Data Protection Authority Guidelines: Specific guidelines and requirements from Datatilsynet (Danish DPA) regarding data processing agreements
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Intra Group Agreement Data Protection

find out more

DPA Data Protection Agreement

find out more

Data Privacy Contract

find out more

Supplier Data Processing Agreement

find out more

Data Privacy Addendum

find out more

Non Disclosure Agreement Data Protection

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.