fbpx

Download free GDPR compliance checklist!

Tag Archives for " Denmark "

Danish hotel group fined for failing to delete customers’ details

The Arp-Hansen Hotel Group in Denmark has been fined 1.1m Danish crowns (US$170,000, €148,000) and referred to the police by the country’s data protection authority (Datatilsynet) for storing information on clients longer than necessary.

In an audit visit, the DPA found there were customer profiles which should have been deleted several years earlier. The authority considers 500,000 entries ought to have been erased from the group’s systems.

Source: Danish hotel group fined for failing to delete customers’ details

Surveillance Scandal Involving U.S. Intelligence Hits Denmark

Denmark has been rocked by a surveillance scandal in which private citizens’ data was allegedly collected by military intelligence and then shared with foreign powers.

The revelations, brought forward by a whistle-blower, have already resulted in several high-level dismissals at the agency.

Source: Surveillance Scandal Involving U.S. Intelligence Hits Denmark

Violation of personal data security by the Danish Data Protection Agency

Denmark’s data protection authority Datatilsynet has suffered a data breach when it discovered that its own documents, which should have been shredded, were disposed of in the normal wastepaper bin.

The case includes physical documents, which may have contained confidential and sensitive information about citizens, employees, etc. The agency notified itself of the breach per Article 33 of the General Data Protection Regulation, however 24 hours after the 72 hours required by law.

Source: Violation of personal data security by the Danish Data Protection Agency

Software error exposes the ID numbers for 1.26 million Danish citizens

Danish tax portal accidentally shares tax payer identification numbers with Google and Adobe analytics services.

The error lasted for five years (between February 2, 2015, and January 24, 2020) before it was discovered by Danish Agency for Development and Simplification (Udviklings-og Forenklingsstyrelsen, or UFST).

Source: Software error exposes the ID numbers for 1.26 million Danish citizens | ZDNet

Danish company reveals a possible ransomware loss of $95m

Demant, a hearing aid company, has revealed that it is expected to incur losses of up to $95 million, following a ransomware attack.

In a company announcement, on September 3, the company had experienced a critical incident on their internal IT Infrastructure.

In the announcement, the company stated that is was able to assess the financial impact of the incident, and it was found that the total negative financial impact on the firm ranged from DKK 550-560m ($80-95m). This figure also includes a deduction of DKK 100 ($15m) from insurance coverage.

Source: #Privacy: Danish company reveals a possible ransomware loss of $95m

Danish DPA Takes New Position on the GDPR Legal Basis for Posting Online Photos

The Danish Data Protection Authority has changed its position regarding the legal basis for posting pictures online under the General Data Protection Regulation (GDPR). Rather than a distinction between “situational” and “portrait” pictures, Datatilsynet now requires a case-by-case analysis.

The Danish DPA will no longer distinguish between situational and portrait images. It now holds that the question of whether a picture can be published on the Internet — without the consent of the person concerned — will depend on a comprehensive assessment of the picture and the purpose of the publication.

Source: Picture Picture on the Wall: Danish DPA Takes New Position on the GDPR Legal Basis for Posting Online Photos

Denmark Data Protection Auth. on GDPR & Voice Recordings

The Denmark Data Protection Authority (DPA) ruled on April 11, 2019, that affirmative consent is required when companies record customer telephone calls.

In this case company provided disclosures to its customers that calls may be recorded for training purposes, but did not offered a mechanism for customers to opt-in or opt-out of the recording. DPA rejected the company’s arguments that its recording practices served a legitimate interest, such as the improvement of its customer service, and concluded that the company’s telephone recording practices violated the GDPR.

Source: Denmark Data Protection Auth. on GDPR & Voice Recordings

Denmark Recommends First Fine Under New EU Privacy Law

Denmark’s Data Protection Authority (DPA) has recommended fining a taxi company 1.2 million kroner ($180,000) for not deleting customers’ telephone numbers, the first Danish penalty imposed under Europe’s strict 2018 privacy rules.

The fine demonstrates that it’s not enough for companies doing business in Denmark to delete people’s names and addresses to satisfy the requirements of the European Union’s General Data Protection Regulation. They must delete all information, including telephone numbers, to avoid potentially high fines.

Source: Denmark Recommends First Fine Under New EU Privacy Law

GDPR case work swamps Denmark’s data protection agency

The landmark introduction of the General Data Protection Regulation (GDPR) in May has triggered a resource and budgetary headache at Datatilsynet, Denmark’s data protection agency (DPA). The DPA has logged a significant surge in GDPR-related cases since June, especially cases linked to social media organisations, including Facebook and Google. The uplift in workload is happening at a level that is testing the DPA’s capacity to process, investigate and efficiently manage cases.

Source: GDPR case work swamps Denmark’s data protection agency

>