The standard processor agreement has been adopted by the Danish SA pursuant to art. 28(8) GDPR and aims at helping organisations to meet the requirements of art. 28 (3) and (4), given the fact that the contract between controller and processor cannot just restate the provisions of the GDPR but should further specify them, e.g. with regard to the assistance provided by the processor to the controller.
Norwegian data protection authority – Datatilsynet – has published a guidance on Software development with Data Protection by Design and by Default.