Datatilsynet (Denmark): Difference between revisions

From GDPRhub
No edit summary
(No difference)

Revision as of 18:17, 19 January 2020

Datatilsynet
LogoDK.png
Name: Datatilsynet
Abbreviation : Datatilsynet
Jurisdiction: Denmark
Head: Cristina Angela Gulisano
Deputy: n/a
Adress: Borgergade 28, 5

1300 Copenhagen K

DENMARK

Webpage: datatilsynet.dk
Email: dt@datatilsynet.dk
Phone: +45 33 1932 00
Twitter: n/a
Procedural Law: n/a
Decision Database: n/a
Translated Decisions: Category:Datatilsynet (Denmark)
Head Count: n/a
Budget: n/a

The Denish Data Protection Authority (Datatilsynet) is the national Data Protection Authority for Denmark. It resides in Copenhagen and is in charge of enforcing GDPR in Denmark.

Structure

Datatilsynet is organized with one department having the director and staff. There are three additional departments: International area; Supervision, and Data Protection. All of the departments will also provide input on laws brought forth to a Parliamentary hearing if there are privacy-related aspect to the law.

The International area department focus on nordic-, european- and international cooperation; pan-European systems, such as Schengen, VIS, Eurodac, Eurojust and more. In addition, their area of focus is third-country transfers, including BCR.

The Supervisory department focus on supervisory activities, which includes the technical implementations for security of processing; bringing charges concerning breaches of security to the police; consequence analysis; certifications, Codes of Conduct; digital administration; technology of the future and more.

The Data Protection department focus on research and statistics, including re-purposing of data; supervisory activities connected to the health-, financial-, marketing and telecommunication sector, archiving, credit reporting and the CCTV surveillance law; approval of processing for a substantial public interest pursuant to § 7(4) of the Data Protection Act and more.

Procedural Information

Applicable Procedural Law

The Public Administration Act (in DK) regulates the proceedings in front of the Danish Data Protection Authority. As the case is sent over to the police and brought in front of the Court, the general rules of criminal procedures in the Danish Administration of Justice Act (in DK) also applies.

Complaints Procedure under Art 77 GDPR

Complaints can only be directed to Datatilsynet in writing.

As a minimum requirement, Datatilsynet requires to know the name and address of the complainant, as they do not generally process anonymous complaints. The complainants are also advised to contact the controller before contacting Datatilsynet.

Ex Officio Procedures under Art 57 GDPR

Datatilsynet can run ex officio procedures out of its own motion, and regularly holds audits after the implementation of the GDPR. Datatilsynet have planned audits, in addition to ad-hoc audits from cases that are brought to their attention.

Appeals

As the administrative does not issue fines in Denmark, cases with a suggested fine is brought to the police who present the case in court. As such, appeals will go through the court system.

Practical Information

Datatilsynet post the focus of their planned audits in intervals of six months. The focus of the last half of 2019 was controllers; daily surveillance, data protection in relation to employment, automatic decisions and profiling (in DK).

Datatilsynet recommends using their formula for complaints, currently found on their page as a .pdf-file(in DK). Complaints can also be directed to them in other ways, for example by e-mail.

While Datatilsynet does not issue fines of their own but instead send the case over to the police, they may order a processing activity to stop, issue limitation on processing activities, order the processing activities to be brought into compliance and issue reprimands without sending the case over to the police.

Statistics

You can help us filling this section!