Where We Work
Central and Eastern Europe
Russia and the CIS
Southeast Europe and Turkey
Switzerland and Austria
China and Hong Kong
Czech Republic & Slovakia
United Arab Emirates
Banking & Finance
Competition & EU Law
International HR Services
Privacy and Data Protection
Public Projects and Procurement
Regulatory and Administrative
Restructuring and Insolvency
Trade and Customs
Aerospace, Defence & Security
Energy & Utilities
Life Sciences and Healthcare
Media, Entertainment and Sport
Retail and Consumer
Technology & Communications
News & Events
Bird & Bird
General Data Protection Regulation
Administrative fines as prescribed in the GDPR not permitted under Danish law. Fines will be imposed by the courts as a criminal penalty.
The Working Group has proposed that administrative fines would be supplemented with criminal sanctions in cases where fines are not available. The Working Group has also proposed establishing a new Sanctions Board under which the Data Protection Authority which would be responsible for imposing administrative fines.
Legislation expected on collective redress for GDPR breaches.
Yes - § 42: Imprisonment or a fine for (1) unlawful transfer / making accessible of non-publicly accessible personal data of a large number of individuals for commercial purposes; (2) unlawful processing of non-publicly accessible personal data if done for money or with the intent of obtaining for himself or a third person enrichment or damaging another person; (3) fraudulent obtaining of non-publicly accessible personal data if done for money or with the intent of obtaining for himself or a third person enrichment or damaging another person (personal offences based on responsibility).
§ 43: Fines for failure to handle an information request appropriately or to inform a consumer or to inform them fully and correctly and to do so within the prescribed time limits.
The General Scheme envisages that:
• public authorities and public bodies will generally be exempt from administrative fines, except where they are acting as ‘undertakings’
• the Data Protection Commission may convene oral hearings before large administrative fines will be imposed
• appeals of administrative fines imposed by the Data Protection Commission will be subject to a time limit of 30 days from receipt of notice of the decision;
• the Data Protection Commission will be required to make a summary application for any administrative fine imposed by it to be confirmed by the Circuit Court.
Criminal sanctions restricted to most severe infringements. DPA may give admonitions instead of financial penalties for minor infringements. Financial penalties for public bodies will be limited to approx. 25,000 EUR.
Two new criminal penalties to be introduced:
1) re-identifying anonymised or pseudonymised data;
2)altering records with intent to avoid response to a subject access request.