EN
Data protection

Companies can apply the Danish Standard Data Processing Agreement in Norway and Sweden

logo
Legal news
calendar 20 May 2020
globus Denmark, Sweden, Norway

Following an opinion issued by the European Data Protection Board, the Danish Data Protection Agency finalized its Standard Data Processing Agreement in 2019 which aims to help companies comply with the minimum requirements under the GDPR. The Norwegian and Swedish supervisory authorities have now confirmed that companies can also use the Danish Standard Data Processing Agreement in Norway and Sweden going forward.

With the entry into force of the GDPR, the requirement to conclude data processing agreements was, among other things, introduced. This obligation illustratively applies when companies use external service providers or business partners to process personal data on its behalf. Data processing agreements must comply with a series of requirements, including information on the duration and purpose of the processing activity as well as the type of personal data being processed.

Just before the GDPR entered into force, the Danish Data Protection Agency issued a draft Standard Data Processing Agreement which subsequently was reviewed by the European Data Protection Board to ensure that the rules were applied in a uniform manner across the EU. Based on the opinion of the European Data Protection Board, changes were then introduced to the Standard Data Processing Agreement, which in return obtained special legal effect.

This special legal effect entails that when companies apply the Standard Data Processing Agreement, it will obtain an increased level of security as the clauses will not be examined during a potential supervisory visit.

With declarations from the Norwegian and Swedish supervisory authorities, companies will now also be able to benefit from the same security when applying the Standard Data Processing Agreement in Norway and Sweden as both supervisory authorities.

IUNO’s opinion

When companies use external resources, it’s necessary to consider the applicable data protection rules. As a starting point, companies must, therefore, always consider each processing activity to establish whether it concerns a data processor or data controller, but also who is responsible for what and other measures which may be necessary.

IUNO recommends for companies to apply or consider the Standard Data Processing Agreement to facilitate processing activities in Denmark, Norway and Sweden. However, at the same time, companies must in practice also ensure that it complies with the requirements, namely in light of the negative consequences it may entail in case of breach of obligations.

Read more about how we can help with compliance here.

With the entry into force of the GDPR, the requirement to conclude data processing agreements was, among other things, introduced. This obligation illustratively applies when companies use external service providers or business partners to process personal data on its behalf. Data processing agreements must comply with a series of requirements, including information on the duration and purpose of the processing activity as well as the type of personal data being processed.

Just before the GDPR entered into force, the Danish Data Protection Agency issued a draft Standard Data Processing Agreement which subsequently was reviewed by the European Data Protection Board to ensure that the rules were applied in a uniform manner across the EU. Based on the opinion of the European Data Protection Board, changes were then introduced to the Standard Data Processing Agreement, which in return obtained special legal effect.

This special legal effect entails that when companies apply the Standard Data Processing Agreement, it will obtain an increased level of security as the clauses will not be examined during a potential supervisory visit.

With declarations from the Norwegian and Swedish supervisory authorities, companies will now also be able to benefit from the same security when applying the Standard Data Processing Agreement in Norway and Sweden as both supervisory authorities.

IUNO’s opinion

When companies use external resources, it’s necessary to consider the applicable data protection rules. As a starting point, companies must, therefore, always consider each processing activity to establish whether it concerns a data processor or data controller, but also who is responsible for what and other measures which may be necessary.

IUNO recommends for companies to apply or consider the Standard Data Processing Agreement to facilitate processing activities in Denmark, Norway and Sweden. However, at the same time, companies must in practice also ensure that it complies with the requirements, namely in light of the negative consequences it may entail in case of breach of obligations.

Read more about how we can help with compliance here.

Receive our newsletter

Anders

Etgen Reitz

Partner

Kirsten

Astrup

Associate

Similar news

logo
Data protection

28 April 2020

Coronavirus: Danish Data Protection Authority issues new statement on virus-tracking apps

logo
Data protection

13 December 2018

New guidelines on data protection in employment relationships

logo
Data protection

15 May 2018

Get ready for the GDPR – Part 5: E-mails

logo
Data protection

18 April 2018

Get ready for the GDPR – Part 4: Whistleblower arrangements

logo
Data protection

22 February 2018

Get ready for the GDPR – Employees’ right of access

logo
HR Legal Data protection

23 January 2017

Data security challenged in the home office

Events

logo
HR Legal Data protection
18 November 2014

Seminar on Employee Privacy and Data Protection in the Nordic Region (Stockholm)

logo
HR Legal Data protection
17 November 2014

Seminar on Employee Privacy and Data Protection in the Nordic Region (Oslo)

logo
HR Legal Data protection
11 November 2014

Seminar on Employee Privacy and Data Protection in the Nordic Region (Copenhagen)

logo
HR Legal Data protection
10 November 2014

Seminar on Employee Privacy and Data Protection in the Nordic Region (Helsinki)

// COOKIE INFORMATION POPUP SCRIPT