This Controller To Controller Data Processing Agreement is essential when two organizations, acting as independent data controllers, need to share personal data while maintaining separate control over their respective processing activities. The agreement is specifically tailored to comply with Danish law, incorporating requirements from both the EU GDPR and the Danish Data Protection Act. It should be used whenever organizations need to establish a formal framework for sharing personal data, defining each party's obligations regarding data protection, security measures, breach notifications, and data subject rights. The document is particularly crucial for ensuring legal compliance and clear allocation of responsibilities in data sharing arrangements under Danish jurisdiction, providing necessary safeguards for personal data protection and defining liability arrangements between the controllers.
Create a bespoke document in minutes, or upload and review your own.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Key Requirements PROMPT example:
Controller To Controller Data Processing Agreement
I need a Controller to Controller Data Processing Agreement for sharing healthcare data between our Danish hospital and a medical research institute in Germany, with the agreement to start from March 1, 2025, including specific provisions for handling sensitive personal data and cross-border transfers.
1. Parties: Identification of the two data controllers entering into the agreement
2. Background: Context of the data sharing relationship and purpose of the agreement
3. Definitions: Key terms used in the agreement, including GDPR-specific terminology
4. Scope and Purpose: Details of the data sharing arrangement and legitimate purposes for processing
5. Roles and Responsibilities: Clear delineation of each controller's obligations and responsibilities
6. Legal Basis for Processing: Specification of the legal grounds under GDPR for the data processing activities
7. Data Protection Principles: Commitment to GDPR principles and how they will be upheld
8. Data Subject Rights: Procedures for handling data subject requests and responsibilities of each party
9. Security Measures: Technical and organizational measures for data protection
10. Personal Data Breaches: Procedures for breach notification and cooperation in breach management
11. Confidentiality: Obligations regarding confidentiality of shared personal data
12. Term and Termination: Duration of the agreement and termination provisions
13. Liability and Indemnities: Allocation of liability and indemnification obligations
14. Governing Law and Jurisdiction: Specification of Danish law as governing law and jurisdiction for disputes
1. International Data Transfers: Required when personal data will be transferred outside the EEA
2. Sub-processing: Include when either controller may engage sub-processors
3. Joint Processing Activities: Needed when controllers jointly determine purposes and means for specific processing activities
4. Insurance Requirements: Include when specific insurance coverage is required for data protection
5. Audit Rights: Optional provisions for mutual audit rights between controllers
6. Data Protection Impact Assessments: Include when high-risk processing activities are contemplated
7. Special Categories of Data: Required when sensitive personal data is processed
1. Schedule 1 - Categories of Personal Data: Detailed list of personal data types being shared
2. Schedule 2 - Purposes of Processing: Detailed description of all processing purposes
3. Schedule 3 - Technical and Organizational Measures: Specific security measures implemented by each party
4. Schedule 4 - Contact Points: Key contacts for operational, technical and legal matters
5. Schedule 5 - Data Subject Rights Procedure: Detailed procedures for handling data subject requests
6. Appendix A - Data Processing Details: Overview of data flows between controllers
7. Appendix B - Security Breach Response Plan: Detailed procedures for handling data breaches
Authors
Relevant legal definitions
Clauses
Relevant Industries
Financial Services
Healthcare
Insurance
Education
Telecommunications
Professional Services
Technology
Retail
Transportation and Logistics
Real Estate
Manufacturing
Research and Development
Government and Public Sector
Consulting Services
Relevant Teams
Legal
Compliance
Data Protection
Information Security
Risk Management
IT
Operations
Privacy
Procurement
Information Management
Relevant Roles
Data Protection Officer
Privacy Officer
Legal Counsel
Compliance Manager
Information Security Manager
Risk Manager
Chief Privacy Officer
Chief Legal Officer
Chief Information Security Officer
Chief Compliance Officer
Data Protection Manager
Privacy Manager
Contract Manager
IT Security Manager
Operations Manager
Find the exact document you need
Joint Controller Agreement
A Danish law-governed agreement establishing responsibilities between joint controllers under GDPR Article 26 for shared data processing activities.
find out more
DPA Contract
Danish law-governed Data Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.
find out more
DPA Addendum
A Danish law-compliant Data Processing Agreement Addendum that establishes GDPR-aligned terms for personal data processing activities.
find out more
Data Processing Addendum DPA
A Danish law-compliant Data Processing Addendum establishing terms for personal data processing between controller and processor, ensuring GDPR and Danish Data Protection Act compliance.
find out more
Controller To Controller Data Processing Agreement
Danish law-governed agreement between two independent data controllers for sharing personal data in compliance with GDPR and Danish data protection requirements.
find out more
Data Controller To Data Controller Agreement
A Danish law-governed agreement establishing terms for personal data sharing between two independent data controllers under GDPR and Danish data protection requirements.
find out more
Intercompany Data Processing Agreement
Danish law-governed agreement regulating intra-group personal data processing activities in compliance with GDPR and Danish data protection requirements.
find out more
Controller To Controller DPA
Danish law-governed Controller-to-Controller DPA establishing framework for GDPR-compliant data sharing between independent controllers.
find out more
DPA Agreement
A Danish law-governed Data Processing Agreement establishing data handling obligations between controller and processor under GDPR and Danish data protection requirements.
find out more
Data Transfer Addendum
Danish law-governed addendum for ensuring GDPR-compliant personal data transfers between organizations, incorporating Danish and EU data protection requirements.
find out more
Controller Processor Agreement
A Danish law-governed agreement establishing data processing terms between a data controller and processor, ensuring GDPR compliance and following Danish regulatory requirements.
find out more
Sub Processing Agreement
A Danish law-governed agreement establishing terms for sub-processor's personal data processing activities, ensuring GDPR and local law compliance.
find out more
International Data Transfer Agreement
Danish law-governed International Data Transfer Agreement for compliant transfer of personal data from Denmark to non-EEA countries.
find out more
Data Protection Addendum
Danish law-governed Data Protection Addendum ensuring GDPR compliance and establishing data processing obligations between controller and processor.
find out more
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.