You are here: Information Security Data protection (GDPR) General information Data processing agreements

Data processing agreements

Here you can find information about data processing agreements. 


When do I need a data processing agreement?

If persons other than AU employees are required to carry out processing of personal data on behalf of and on the instructions of AU, a data processing agreement must be established with the data processor.


Need help?

Send an email to tto@au.dk (Technology Transfer Office (TTO)) to get help with a data processing agreement.


Templates

  • A template has been made for data processing agreement for IT systems. Send an email to tto@au.dk to request the template. 

Filing of data processing agreements

Signed data processing agreements must be archived at Technology Transfer Office (TTO) at AU Research Support and External Relations.


What is a data controller?

The natural or legal person, public authority, agency or any other body which alone or jointly with other parties determines for which purpose and by which means data may be processed.

What is a data processor?

The natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller.

  • A data processor processes personal data in order to achieve the purposes of the data controller’s organisation.
  • A data processor complies with the instructions given by the data controller in the data processing agreement.
  • A data processor must destroy/delete/anonymise/return personal data; and at the latest when the task has been completed.
  • Data processing agreements within the individual data controller's organisation are not required, but solely when a data processor outside the organisation has access to the data.
1443057 / i40