Personal data processing standard clauses for compliance with Article 28(3) of the EU GDPR—version from the Danish supervisory authority
Personal data processing standard clauses for compliance with Article 28(3) of the EU GDPR—version from the Danish supervisory authority

The following Information Law precedent provides comprehensive and up to date legal information covering:

  • Personal data processing standard clauses for compliance with Article 28(3) of the EU GDPR—version from the Danish supervisory authority

In brief

This is a set of Standard Contractual Clauses (SCCs) for use by a controller and processor published by the Danish data protection supervisory authority for compliance with Article 28(3) of the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR). It was published following an opinion by the European Data Protection Board (EDPB).

As detailed in Practice Note: Supply chains under data protection law—arrangements between controllers and processors, Article 28(3) of the EU GDPR requires that controllers and processors put in place a contract which contains certain minimum terms (unless the relevant obligations are provided by another legal act under EU law or the law of an EEA state). The EU GDPR also provides for a supervisory authority to adopt SCCs for the matters referred to in Article 28(3) in accordance with the consistency mechanism.

As explained further in News Analysis: Examining the first standard contractual clauses for contracts between controllers and processors:

  1. to the extent organisations make use of these SCCs ‘as is’, the Danish supe

Popular documents