Denmark

Summary

Law: Act No. 502 of 23 May 2018 on Supplementary Provisions to the Regulation on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (the Act) and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR)

Regulator: Danish data protection authority ('Datatilsynet')

Summary: Denmark implemented the GDPR through Act No. 502 of May 23, 2018 on Supplementary Provisions to the Regulation on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (the Act), which is closely aligned with the GDPR and does not derogate at all in areas such as the appointment of a data protection officer, data retention, or data transfers. However, the Act exempts personal data processing covered by the Act governing information databases operated by mass media (only available in Danish) from the GDPR and the Act. The Danish data protection authority (Datatilsynet) is an active regulator and regularly publishes guidelines on various issues including data breach notification, data subject rights, and security of processing. Notably, Denmark was the first EU country to publish Standard Contractual Clauses for contracts between controllers and processors in line with Article 28 of the GDPR in the EDPB register.

Browse more content in Denmark

All Guidance Notes

All News

All Insights

News

14 November 2024

Denmark: Digitaliseringsstyrelsen announces publication of white paper on responsible use of AI assistants

12 November 2024

Denmark: Datatilsynet publishes update on questions posed to National Police on use of facial recognition

16 October 2024

Denmark: Datatilsynet publishes results of 2024 inspections of 48 municipalities

12 September 2024

Denmark: Digitaliseringsstyrelsen publishes thematic webpage on AI in the public and private sectors

12 September 2024

Denmark: Datatilsynet issues questions to National Police on use of facial recognition

12 September 2024

Denmark: Datatilsynet releases guidance on controlled and monitored publication of data

06 September 2024

Denmark: Datatilsynet publishes 2023 activity report

29 August 2024

Denmark: Datatilsynet fines Odsherred Municipality DKK 100,000 - DKK 200,000 for data security failures

27 August 2024

Denmark: Datatilsynet issues decision on use of AI for analyzing recorded telephone conversations

21 August 2024

Denmark: Datatilsynet issues decision on consent for use of facial recognition

19 August 2024

Denmark: Digitaliseringsstyrelsen announces findings of investigation on 200 websites

15 August 2024

Denmark: Datatilsynet fines Vejen Municipality DKK 200,000 for lack of encryption

Insights

April 2024

Denmark: New rules on working time registration

In May 2019, the Court of Justice of the European Union (CJEU) delivered a judgment¹ on the understanding of specific requirements under the EU Working Time Directive. More specifically, the CJEU ruled that an employer is required to have a system in place that allows registration of the employees' daily working time to ensure that all the requirements of the EU Working Time Directive are complied with. As a consequence of this judgment, the Danish Ministry of Employment presented an amendment to the Danish Working Time Act. Anna de Vos- Zehngraff, Mille Selbach Rasmussen, and Rasmus Martens, from Bruun & Hjejle Advokatpartnerselskab, take a look at this amendment and the implications of this on data protection.

March 2024

Denmark: Employers' use of employee images - legal considerations when navigating between privacy and commercial needs

In a time when digital marketing and visual identity play crucial roles, using employee photos sparks complex questions concerning privacy and data protection. The complexity of this landscape is further emphasized by the ongoing development of rules and regulations. In this Insight article, Elsebeth Aaes-Jørgensen, Partner at Norrbom Vinding, delves into how employers can navigate the delicate balance between their need for visual representation and the essential considerations on how to avoid infringing employees' rights.

October 2022

Denmark: Datatilsynet's latest guidance on data transfers and cloud computing

In March 2022, the Danish data protection authority ('Datatilsynet') issued its 'Guidance on the use of cloud' ('the Guidance')¹. Birgitte Toxværd, Partner and Attorney-at-law at Horten Advokatpartnerselskab, chronologically dissects the Guidance and its updates, and discusses key takeaways in relation to data transfers and cloud computing.

December 2021

Denmark: Datatilsynet's guide on data processor audits

On 29 October 2021, the Danish data protection authority ('Datatilsynet') published a guide on how to approach data processor audits. In the guide, the Datatilsynet sets out six supervisory concepts based on a risk assessment of the processing activities in question. The risk assessment uses a points scale, where the total score gives the data controller a sense of the risk associated with the processing, and which supervisory concept to choose when auditing the data processor. Camilla Sand Fink, Senior Associate and Head of the Data Privacy Team at CLEMENS Law Firm, reviews the Datatilsynet's guide and the central issues around auditing data processors.

Denmark

Summary

Browse more content in Denmark

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us