Skip to main content

The Swedish and Norwegian Data Protection Authorities have recognized the Danish standard contractual clauses in relation to data processor agreements

|

The Danish Protection Authority has adopted standard contractual clauses in accordance with article 28(3) of the GDPR. The national data protection authorities in Sweden and Norway have declared that they recognize the Danish standard contractual clauses which is why Swedish and Norwegian businesses can make use of these standard contractual clauses as though they were adopted by their own regulatory authorities.

Standard Contractual Clauses

National data protection authorities have the option of adopting standard contractual clauses for the purposes of Article 28(3) of Regulation 2016/679 (the GDPR) regarding data processor contracts. The Danish data protection authority has adopted standard contractual clauses regarding data processor agreements in order to ensure the protection of the data subjects’ rights and to make sure that data processors meet the requirements of the GDPR when concluding contracts in accordance with article 28(3) of the GDPR.

The standard contractual clauses have a specific legally binding effect – the use of these templates entail certain benefits for the businesses that use them. Other than making sure that the business meets the requirements of the GDPR, it also means that the Danish Data Protection Authority will not further review the business’ contract clauses during inspection visits.

When a national data protection authority adopts standard contractual clauses for the purposes of GDPR, the clauses must be drawn up in collaboration with other national data protection authorities in the EU to ensure a uniform application of the GDPR among the member states of the EU. The collaboration takes place through the European Data Protection Board (EDPB). The EDPB will review the standard contractual clauses before the national data protection authority can adopt them. The Danish Data Protection Authority published a template of the standard contractual clauses in February 2018 which would help businesses live up to the minimum requirements in the GDPR. The EDPB recognized the template in December 2019 after which the template could be characterized as a standard contractual clause.

 

Recognition in Norway and Sweden

After the recognition by the EDPB in December 2019, the data protection authorities in Norway and Sweden have declared that they will also recognize the Danish standard contractual clauses. Following this recognition, The Danish Data Protection Authority’s standard contractual clauses will have a legally binding effect in Sweden and Norway. As a result of this, businesses in Sweden and Norway can make use of the Danish contractual clauses as though the clauses were adopted by their own data protection authorities – with no concern of facing criticism from the Swedish and Norwegian data protection authorities in relation to the clauses.

 

NJORD’s remarks

It is not a requirement to use the Danish Data Protection Authority’s standard contractual clauses. Businesses can therefore still use their own contractual clauses/data processor agreements in accordance with article 28 (3). If the business makes use of their own contractual clauses, it is important to make sure they follow the minimum requirements in article 28 of the GDPR. The Data Protection Authority’s standard contractual clauses already meet the requirements of article 28(3) which is why businesses will benefit strongly from using these clauses instead of their own contractual clauses/data processor agreements.

 

Article provided by: Claas Thöle (NJORD Law Firm, Denmark)

 

 

Discover more about INPLP, the INPLP-Members and the GDPR-FINE database

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

VIEW STREAM

About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.

{$page.footerData}