The European Data Protection Board (EDPB) has issued an opinion on the standard contractual clauses proposed by the Denmark Data Protection Authority that contains important takeaways for drafting and negotiating of all Controller-Processor Article 28 data processing agreements.
Here are some key takeaways:
Use of Sub-Processors
Data Subject Rights
Audit and Inspection
Exhibit on Nature of the Processing