Law: Act No. 502 of 23 May 2018 on Supplementary Provisions to the Regulation on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data ('the Act') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')
Regulator: Danish data protection authority ('Datatilsynet')
Summary: Datatilsynet is an active regulator that has published many guidelines on the GDPR and the Act. In addition, the Centre for Cybersecurity and the Danish Business Authority are supervisory authorities for cybersecurity, and cookies and telecommunications respectively, and have released guidance on data security for organisations. Denmark was the first EU country to publish Standard Contractual Clauses for contracts between controllers and processors in line with Article 28 of the GDPR in the EDPB register.