Datatilsynet (Denmark)

From GDPRhub
Name: Datatilsynet
Abbreviation : Datatilsynet
Jurisdiction: Denmark
Head: Cristina Angela Gulisano
Deputy: n/a
Adress: Carl Jacobsens Vej 35

2500 Valby


Phone: +45 33 1932 00
Twitter: n/a
Procedural Law: n/a
Decision Database: Link
Translated Decisions: Category:Datatilsynet (Denmark)
Head Count: 57 (Dec 2018)
Budget: DKK 36.900.000 (€ 4.900.000) (2018)

The Danish Data Protection Authority (Datatilsynet) is the national Data Protection Authority for Denmark. It resides in Copenhagen and is in charge of enforcing GDPR in Denmark.

Structure[edit | edit source]

Datatilsynet is made up of the Data Council (Datarådet) and a secretariat. The council makes decisions in specific principal cases, while the secretariat handles the day-to-day operations.

Data Council[edit | edit source]

The Data Council consists of a chairperson and seven other members who are appointed by the Minister of Justice.

Secretariat[edit | edit source]

The secretariat is organized into four departments, one department consisting of the director and staff. There are three additional departments: International area; Supervision, and Data Protection. All of the departments also provide input on laws brought forward to parliamentary hearing if there are privacy-related aspects to the law that needs to be considered.

The International area department focus on Nordic, European and international cooperation; pan-European systems, such as Schengen, VIS, Eurodac, Eurojust and more. In addition, their area of focus is third-country transfers, including BCR.

The Supervisory department focus on supervisory activities, which includes the technical implementations for security of processing; bringing charges concerning breaches of security to the police; consequence analysis; certifications, Codes of Conduct; digital administration; technology of the future and more.

The Data Protection department focus on research and statistics, including re-purposing of data; supervisory activities connected to the health-, financial-, marketing and telecommunication sector, archiving, credit reporting and the CCTV surveillance law; approval of processing for a substantial public interest pursuant to § 7(4) of the Data Protection Act and more.

Procedural Information[edit | edit source]

Applicable Procedural Law[edit | edit source]

The Public Administration Act (in DK) regulates the proceedings in front of the Danish Data Protection Authority. As the case is sent over to the police and brought in front of the Court, the general rules of criminal procedures in the Danish Administration of Justice Act (in DK) also applies.

Complaints Procedure under Art 77 GDPR[edit | edit source]

Complaints can only be directed to Datatilsynet in writing.

As a minimum requirement, Datatilsynet requires to know the name and address of the complainant, as they do not generally process anonymous complaints. The complainants are also advised to contact the controller before contacting Datatilsynet.

Ex Officio Procedures under Art 57 GDPR[edit | edit source]

Datatilsynet can run ex officio procedures out of its own motion, and regularly holds audits after the implementation of the GDPR. Datatilsynet have planned audits, in addition to ad-hoc audits from cases that are brought to their attention.

Appeals[edit | edit source]

As the administrative does not issue fines in Denmark, cases with a suggested fine is brought to the police who present the case in court. As such, appeals will go through the court system.

Practical Information[edit | edit source]

Datatilsynet post the focus of their planned audits in intervals of six months. The focus of the last half of 2019 was controllers; daily surveillance, data protection in relation to employment, automatic decisions and profiling (in DK).

Datatilsynet recommends using their formula for complaints, currently found on their page as a .pdf-file(in DK). Complaints can also be directed to them in other ways, for example by e-mail.

While Datatilsynet does not issue fines of their own but instead send the case over to the police, they may order a processing activity to stop, issue limitation on processing activities, order the processing activities to be brought into compliance and issue reprimands without sending the case over to the police.

Statistics[edit | edit source]

You can help us filling this section!

EU/EEA Data Protection Authorities
Austria · Belgium · Bulgaria · Croatia · Cyprus · Czech Republic · Denmark · Estonia · Finland · France · Germany (Baden-Württemberg · Bavaria, private sector · Bavaria, public sector · Berlin · Brandenburg · Bremen · Hamburg · Hesse · Lower Saxony · Mecklenburg-Vorpommern · North Rhine-Westphalia · Rhineland-Palatinate · Saarland · Saxony · Saxony-Anhalt · Schleswig-Holstein · Thuringia ) · Greece · Hungary · Ireland · Italy · Latvia · Lithuania · Luxembourg · Malta · Netherlands · Poland · Portugal · Romania · Slovakia · Slovenia · Spain · Sweden
Iceland · Liechtenstein · Norway EDPS · EDPB
Non-EU/EEA Data Protection Authorities
United Kingdom