Datatilsynet (Denmark)

From GDPRhub
Name: Datatilsynet
Abbreviation : Datatilsynet
Jurisdiction: Denmark
Head: Cristina Angela Gulisano
Deputy: n/a
Adress: Carl Jacobsens Vej 35

2500 Valby


Phone: +45 33 1932 00
Twitter: n/a
Procedural Law: n/a
Decision Database: Link
Translated Decisions: Category:Datatilsynet (Denmark)
Head Count: 57 (Dec 2018)
Budget: DKK 36.900.000 (€ 4.900.000) (2018)

The Danish Data Protection Authority (Datatilsynet) is the national Data Protection Authority for Denmark. It resides in Copenhagen and is in charge of enforcing GDPR in Denmark.


Datatilsynet is made up of the Data Council (Datarådet) and a secretariat. The council makes decisions in specific principal cases, while the secretariat handles the day-to-day operations.

Data Council

The Data Council consists of a chairperson and seven other members who are appointed by the Minister of Justice.


The secretariat is organized into four departments, one department consisting of the director and staff. There are three additional departments: International area; Supervision, and Data Protection. All of the departments also provide input on laws brought forward to parliamentary hearing if there are privacy-related aspects to the law that needs to be considered.

The International area department focus on Nordic, European and international cooperation; pan-European systems, such as Schengen, VIS, Eurodac, Eurojust and more. In addition, their area of focus is third-country transfers, including BCR.

The Supervisory department focus on supervisory activities, which includes the technical implementations for security of processing; bringing charges concerning breaches of security to the police; consequence analysis; certifications, Codes of Conduct; digital administration; technology of the future and more.

The Data Protection department focus on research and statistics, including re-purposing of data; supervisory activities connected to the health-, financial-, marketing and telecommunication sector, archiving, credit reporting and the CCTV surveillance law; approval of processing for a substantial public interest pursuant to § 7(4) of the Data Protection Act and more.

Procedural Information

Applicable Procedural Law

The Public Administration Act (in DK) regulates the proceedings in front of the Danish Data Protection Authority. As the case is sent over to the police and brought in front of the Court, the general rules of criminal procedures in the Danish Administration of Justice Act (in DK) also applies.

Complaints Procedure under Art 77 GDPR

Complaints can only be directed to Datatilsynet in writing.

As a minimum requirement, Datatilsynet requires to know the name and address of the complainant, as they do not generally process anonymous complaints. The complainants are also advised to contact the controller before contacting Datatilsynet.

Ex Officio Procedures under Art 57 GDPR

Datatilsynet can run ex officio procedures out of its own motion, and regularly holds audits after the implementation of the GDPR. Datatilsynet have planned audits, in addition to ad-hoc audits from cases that are brought to their attention.


As the administrative does not issue fines in Denmark, cases with a suggested fine is brought to the police who present the case in court. As such, appeals will go through the court system.

Practical Information

Datatilsynet post the focus of their planned audits in intervals of six months. The focus of the last half of 2019 was controllers; daily surveillance, data protection in relation to employment, automatic decisions and profiling (in DK).

Datatilsynet recommends using their formula for complaints, currently found on their page as a .pdf-file(in DK). Complaints can also be directed to them in other ways, for example by e-mail.

While Datatilsynet does not issue fines of their own but instead send the case over to the police, they may order a processing activity to stop, issue limitation on processing activities, order the processing activities to be brought into compliance and issue reprimands without sending the case over to the police.


You can help us filling this section!

EU/EEA Data Protection Authorities
Austria · Belgium · Bulgaria · Croatia · Cyprus · Czech Republic · Denmark · Estonia · Finland · France · Germany (Baden-Württemberg · Bavaria, private sector · Bavaria, public sector · Berlin · Brandenburg · Bremen · Hamburg · Hesse · Lower Saxony · Mecklenburg-Vorpommern · North Rhine-Westphalia · Rhineland-Palatinate · Saarland · Saxony · Saxony-Anhalt · Schleswig-Holstein · Thuringia ) · Greece · Hungary · Ireland · Italy · Latvia · Lithuania · Luxembourg · Malta · Netherlands · Poland · Portugal · Romania · Slovakia · Slovenia · Spain · Sweden
Iceland · Liechtenstein · Norway EDPS · EDPB
Non-EU/EEA Data Protection Authorities
United Kingdom