When it comes to the correct processing of personal data and compliance with the GDPR rules in a given company or organisation, it is the Danish Data Protection Agency that supervises and must ensure that everything is done correctly.
Who is the Data Protection Authority?
The Danish Data Protection Agency (cf. Datatilsynet) is the central independent authority in Denmark that supervises compliance with data protection rules in organisations and authorities.
The Danish Data Protection Agency is a supervisory authority responsible for ensuring that data protection rules are complied with. The Danish Data Protection Agency advises and guides organisations on personal data security, handles complaints about breaches of the GDPR and carries out inspections of authorities and companies.
The Danish Data Protection Agency also offers guidance on GDPR to individuals and small businesses through its website, which includes a podcast on GDPR.
The tasks, functions and duties of The Danish Data Protection Agency are statutory and derive from the Data Protection Act, the GDPR, the Law Enforcement Directive, the Law Enforcement Act and the Television Surveillance Act.
What are the functions of The Danish Data Protection Agency?
The Danish Data Protection Agency as an authority has many functions and they include:
They investigate and deal with complaints from citizens in relation to breaches of GDPR rules.
They conduct investigations related to breaches of GDPR rules to ensure compliance with the rules.
They inform citizens in Denmark about their rights to have their personal data protected under the GDPR.
They help both data controller and data processor in public and private sector organisations to comply with data protection rules through guidance and dialogue.
They inform organisations about how personal data should be protected.
They cooperate with other data protection authorities in the EU.
As AI and ChatGPT are used more frequently, the Danish Data Protection Agency's work is becoming even more focused on the digital security and compliance of our newer technology and its use.
The structure of The Danish Data Protection Agency
The Danish Data Protection Agency consists of the Data Protection Board (Datarådet) and a Secretariat. The Board primarily decides on cases of principle. A case of principle is a case that has a particular public interest. It can also be a case where the decision may have an impact on how similar cases are settled in future cases of similar character.
The Secretariat is responsible for the rest of the tasks of the The Danish Data Protection Agency and for its day-to-day operations. The Danish Data Protection Agency employs around 80 people.
The Danish Data Protection Agency carries out inspections of public authorities
The Danish Data Protection Authority is responsible for supervising authorities and organisations to check that their processing of personal data is carried out in accordance with the rules. The supervisor may examine an organisation's technical and organisational security measures to check that they protect personal data properly.
If a controller, such as an organisation or individual, doesn't comply with the rules of the GDPR, the supervisor can report the controller to the police and set them a GDPR fine.
The Danish Data Protection Agency Whistleblower Scheme
The Danish Data Protection Agency's external whistleblower scheme can be used by anyone who wants to report serious breaches of law or other types of violations that they have become aware of through their work.
When it comes to whistleblowing schemes, there are many different schemes for each company. The core of the scheme is that any illegal or immoral incident can be reported. And ultimately, all reports are sent to the Danish Data Protection Agency.
It is possible to report breaches of EU law, information on bribery, harassment, fraud, etc. It is possible to report a wide range of serious matters and not only in relation to data protection law.
The Danish Data Protection Agency has an address at Carl Jacobsens Vej 35 in Valby, and their contact details can be found on their website.
This post has been updated on 19-07-2023 by Sofie Meyer.
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master´s degree in Danish and a great interest in cybercrime, which resulted in a master thesis project on phishing.View all posts by Sofie Meyer