Privacy and Cookie Policy

We use cookies to improve the user experience. By continuing on this page, you accept our use of cookies.

OK

Please read our Privacy and Cookie Policy here to find out more.

Data Processing Services

Tal suges ind i et lyshul

WHY THE NEED FOR A DATA PROCESSOR AGREEMENT?

According to the General Data Protection Regulation (GDPR), data processing made on behalf of others must be regulated by a contract or other legally binding document. As Statistics Denmark performs services that involve processing of our customers’ data, e.g. personal data, we must draw up a so-called data processor agreement by which the customer is the data controller and Statistics Denmark is the data processor.

THE DANISH DATA PROTECTION AGENCY’S STANDARD AGREEMENT - WITH MODIFICATIONS

Statistics Denmark has prepared a data processor agreement that is based on the Data Protection Agency’s standard template. We use the same agreement for all services where we act as a data processor for our customers.

In addition to the data processor agreement, we also draw up a contract for the individual services.

Statistics Denmark’s data processor agreement resembles that of the Data Protection Agency in the vast majority of areas. On a few counts, however, it does vary. We have highlighted the most important differences below and explained the background for the differences.

Statement of assurance

  • For resource and security reasons, Statistics Denmark has decided not to be open for inspections by the data controllers. Instead, Statistics Denmark has commissioned an audit report by an external auditing firm to ensure that Statistics Denmark, as a data processor, complies with the General Data Protection Regulation in its capacity of data processor. Upon request, customers with whom we enter a data processor agreement will receive a copy of the audit report.

Sub-processors

  • In Statistics Denmark’s generic data processor agreement, sections and appendices about the use and control of sub-processors have been removed for the simple reason that Statistics Denmark does not use sub-processors when providing commissioned services.

Notification about breach of personal data security

  • Statistics Denmark has clarified the text so that it is clear that the data controller must be notified about breaches only if such breaches may impact the data controller’s data.

Assistance in terms of the rights of the data subjects

  • When information is used for statistical purposes only, certain exemptions apply in relation to the rights of the data subject. Statistics Denmark’s data processor agreement has been modified to take this exemption into account.

Responsible for this page

DST Consulting