The Supplier Data Processing Agreement is a mandatory legal document required under Article 28 of the GDPR and Danish data protection law whenever a company (controller) engages a supplier (processor) to process personal data on its behalf. This document is essential for establishing clear responsibilities and obligations regarding data protection, security measures, and compliance requirements. It should be put in place before any data processing begins and must reflect specific Danish legal requirements while ensuring broader EU GDPR compliance. The agreement typically accompanies a main service agreement and includes detailed schedules specifying the nature of data processing activities, security measures, and approved sub-processors. It's particularly crucial in the Danish business context where data protection authorities actively enforce compliance and where businesses must demonstrate accountability in their data processing relationships.
Create a bespoke document in minutes, or upload and review your own.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Key Requirements PROMPT example:
Supplier Data Processing Agreement
I need a Supplier Data Processing Agreement under Danish law for a cloud storage provider who will be processing customer data and employee records, with strict requirements for data localization within the EU and quarterly security audits.
1. Parties: Identification of the data controller and data processor, including full legal names, registration numbers, and addresses
2. Background: Context of the relationship, reference to main service agreement, and purpose of this DPA
3. Definitions: Key terms used in the agreement, including GDPR-specific terminology and agreement-specific definitions
4. Scope and Purpose: Details of the data processing activities, categories of data subjects and personal data
5. Controller's Instructions: Explicit instructions for processing, including permitted activities and restrictions
6. Processor Obligations: Core obligations including confidentiality, security measures, and assistance requirements
7. Sub-processors: Rules for engaging sub-processors, including approval process and obligations
8. Data Subject Rights: Processor's obligations to assist with data subject requests
9. Personal Data Breaches: Breach notification requirements and response procedures
10. Data Protection Impact Assessments: Obligations to assist with DPIAs and prior consultations
11. Audit Rights: Controller's audit rights and processor's obligations to demonstrate compliance
12. International Transfers: Rules for transferring personal data outside the EU/EEA
13. Confidentiality: Confidentiality obligations for processed data and agreement terms
14. Term and Termination: Duration of the agreement and termination provisions
15. Return or Deletion of Data: Obligations regarding personal data upon agreement termination
16. Liability and Indemnification: Allocation of liability and indemnification obligations
17. Governing Law and Jurisdiction: Specification of Danish law and jurisdiction for disputes
1. Insurance Requirements: Specific insurance obligations for the processor - include when dealing with high-risk processing or sensitive data
2. Force Majeure: Provisions for extraordinary circumstances - include for long-term or critical processing relationships
3. Business Continuity: Business continuity and disaster recovery requirements - include for critical processing operations
4. Specific Security Requirements: Additional security measures beyond standard requirements - include for sensitive data processing
5. Joint Controller Provisions: Provisions for scenarios where parties act as joint controllers - include when applicable
6. Special Categories of Data: Additional provisions for processing sensitive data - include when processing special categories of personal data
1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes
2. Schedule 2 - Technical and Organizational Measures: Detailed description of security measures implemented by the processor
3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: Details of mechanisms for international data transfers (if applicable)
5. Appendix A - Contact Points: Key contacts for both parties for operational and emergency matters
6. Appendix B - Standard Forms: Standard forms for sub-processor approval, data breach notification, and audit requests
Authors
Relevant legal definitions
Clauses
Relevant Industries
Technology and Software
Cloud Services
Healthcare
Financial Services
Professional Services
E-commerce
Manufacturing
Telecommunications
Education
Human Resources
Marketing and Advertising
Consulting
Research and Development
Retail
Insurance
Relevant Teams
Legal
Compliance
Information Security
Data Protection
IT
Procurement
Risk Management
Vendor Management
Information Governance
Privacy
Commercial
Relevant Roles
Data Protection Officer
Privacy Officer
Legal Counsel
Compliance Manager
IT Security Manager
Procurement Manager
Contract Manager
Risk Manager
Information Security Officer
Chief Technology Officer
Chief Information Officer
Chief Legal Officer
Commercial Director
Vendor Manager
Privacy Counsel
Data Protection Manager
Information Governance Manager
Find the exact document you need
Intra Group Agreement Data Protection
Danish law-governed agreement regulating data protection practices and compliance within corporate groups under GDPR and Danish data protection requirements.
find out more
DPA Data Protection Agreement
Danish law-governed Data Processing Agreement establishing controller-processor obligations under GDPR and Danish data protection legislation.
find out more
Data Privacy Contract
Danish law-governed Data Privacy Contract establishing controller-processor obligations under GDPR and Danish Data Protection Act.
find out more
Supplier Data Processing Agreement
A Danish law-governed agreement establishing terms for personal data processing between a controller and processor, ensuring GDPR compliance.
find out more
Data Privacy Addendum
Danish law-governed Data Privacy Addendum ensuring GDPR and Danish Data Protection Act compliance for personal data processing arrangements.
find out more
Non Disclosure Agreement Data Protection
Danish law-governed NDA with integrated GDPR and data protection compliance requirements.
find out more
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.