Support Centre

Denmark

Summary

Law: Act No. 502 of 23 May 2018 on Supplementary Provisions to the Regulation on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data ('the Act') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')

Regulator: Danish data protection authority ('Datatilsynet')

Summary: Datatilsynet is an active regulator that has published many guidelines on the GDPR and the Act. In addition, the Centre for Cybersecurity and the Danish Business Authority are supervisory authorities for cybersecurity, and cookies and telecommunications respectively, and have released guidance on data security for organisations. Denmark was the first EU country to publish Standard Contractual Clauses for contracts between controllers and processors in line with Article 28 of the GDPR in the EDPB register.

Insights

In a time when digital marketing and visual identity play crucial roles, using employee photos sparks complex questions concerning privacy and data protection. The complexity of this landscape is further emphasized by the ongoing development of rules and regulations. In this Insight article, Elsebeth Aaes-Jørgensen, Partner at Norrbom Vinding, delves into how employers can navigate the delicate balance between their need for visual representation and the essential considerations on how to avoid infringing employees' rights.

In March 2022, the Danish data protection authority ('Datatilsynet') issued its 'Guidance on the use of cloud' ('the Guidance')1. Birgitte Toxværd, Partner and Attorney-at-law at Horten Advokatpartnerselskab, chronologically dissects the Guidance and its updates, and discusses key takeaways in relation to data transfers and cloud computing.

On 29 October 2021, the Danish data protection authority ('Datatilsynet') published a guide on how to approach data processor audits. In the guide, the Datatilsynet sets out six supervisory concepts based on a risk assessment of the processing activities in question. The risk assessment uses a points scale, where the total score gives the data controller a sense of the risk associated with the processing, and which supervisory concept to choose when auditing the data processor. Camilla Sand Fink, Senior Associate and Head of the Data Privacy Team at CLEMENS Law Firm, reviews the Datatilsynet's guide and the central issues around auditing data processors.