The Danish Data Protection Agency has issued a template data processor agreement on its website.
A data processor agreement is an agreement that must be in place between a data controller and data processor when the data processor processes personal data on behalf of and subject to instructions from the data controller. For example, a data processor agreement is required when a company or public authority uses an external supplier to process personal data regarding employees, such as a payroll agency.
The Danish Data Protection Agency recently drafted and issued a ”standard data processor agreement”. It complies with the minimum requirements in the General Data Protection Regulation and companies may use it as a template agreement or check list.
The template contains a general part, which is not necessary to adjust to the contractual relations in question, and an individual part that must be completed and adjusted to the specific contractual situation.
The Danish Data Protection Agency issued the template agreement in extension of its guidelines on data controllers and data processors drawn up in November 2017. Click here to read our commentary on these guidelines.
The template data processor agreement and explanatory comments on the agreement are available here (in Danish).
The content of the above is not, and should not be a substitute for legal advice.