You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
Home
Internal
Global
Contatto
it
Rödl & Partner ha prestato la propria consulenza per il perfezionamento dell'acquisizione del Gruppo italiano FGV da parte di Hettich |
In tutto il mondo
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.
✕
Mondiale
Algeria
Angola
Arabia Saudita
Argentina
Australia
Austria
Azerbaigian
Bahrain
Belgio
Bielorussia
Bosnia ed Erzegovina
Botswana
Brasile
Bulgaria
Cambogia
Canada
Cile
Cina
Cipro
Colombia
Corea del Sud
Costa Rica
Croazia
Danimarca
Ecuador
Egitto
Emirati Arabi Uniti
Estonia
Etiopia
Finlandia
Flippine
Francia
Georgia
Germania
Ghana
Giappone
Grecia
Hong Kong
India
Indonesia
Irlanda
Italia
Kazakistan
Kenya
Kuwait
Lettonia
Libia
Liechtenstein
Lituania
Lussemburgo
Macedonia del Nord
Malesia
Marocco
Mauritius
Messico
Moldavia
Mongolia
Mozambico
Myanmar
Namibia
Nigeria
Norvegia
Nuova Zelanda
Oman
Paesi Bassi
Pakistan
Perù
Polonia
Portogallo
Qatar
Regno Unito
Repubblica Ceca
Romania
Serbia
Singapore
Slovacchia
Slovenia
Spagna
Sudafrica
Svezia
Svizzera
Taiwan
Tanzania
Thailandia
Tunisia
Turchia
Ucraina
Uganda
Ungheria
Uruguay
USA
Uzbekistan
Vietnam
Zambia
I nostri uffici Rödl & Partner
German Professional Services Alliance -
GPSA
�������������������������������������������������������������
(I colori appaiono al passaggio del mouse)
Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra
Cookie Policy
.
Approfondimenti
Servizi
Whistleblowing
Data Protection
Servizi legali
Servizi fiscali
Servizi multipractice
Industry
Revisione contabile
Formazione
Professionisti
Media
Rödl E-Book
RÖDL REPLAY - I NOSTRI WEBINAR
Newsletter
Legal Newsletter
Tax Newsletter
Data Protection Bites
Comunicati stampa
Comunicati operazioni
Rödl E-Book
Rödl & Partner sulla stampa online
Eventi
Su di noi
Currently selected
E-Book INTERNATIONAL VAT GUIDELINES
Uno studio internazionale
Uno studio internazionale
Le nostre sedi
Impegno sociale
Whistleblowing
Codice Etico
Modello 231
Sostenibilità
Carriera
Media
Pubblicazioni
Newsletter
Data Protection Bites
Data Protection Bites 2/2021
First Company in Denmark fined for violating the GDPR
Recent
Italian (Italy)
Currently selected
Consulenza legale, Consulenza fiscale, Audit, Servizi in outsourcing
Approfondimenti
Carriera
Cookie Policy
Cookie Policy
Eventi
Home
Informativa Privacy
Media
Privacy Policy
Professionisti
Servizi
Uno studio internazionale
BPO - Business Process Outsourcing
no-it-version-available
Profile
Error 404!
Error 401!
First Company in Denmark fined for violating the GDPR
Page Content
p
ublished
on 23 February 2021
| reading time approx. 3 minutes
The City Court of Aarhus has this February ruled against a Danish company in the first criminal trial regarding violations of the GDPR. The defendant was sentenced to a fine of DKK 100.000 (approx. EUR 13.500). The violation consisted in the company’s lack of deletion of personal data which violated Article 5 (1)(e) of the GDPR.
Background of the criminal case
In the fall of 2018, the Danish Data Protection Authority (Datatilsynet) audited the company IDdesign A/S. The main objective was to investigate whether retention periods regarding the deletion of personal data were complied with.
The Danish Data Protection Authority concluded, that IDdesign had not complied with the requirements of Article 5 (1)(e) of the GDPR (storage limitation), as the company:
had processed personal data of approximately 385,000 customers for a longer period than what was necessary for the purposes for which they were processed;
had not documented retention periods in one of the company’s systems, for deletion of personal data;
had continued to process personal data of customers in another of the company’s systems, also after expiration of the company's own retention periods;
had not sufficiently documented its procedures for deleting personal data in their recruitment and HR system.
The Danish Data Protection Authority therefore, filed a claim against IDdesign A/S and claimed a fine of DKK 1.500.000 (approx. EUR 202.000).
Decision of the City Court of Aarhus
According to the City Court of Aarhus’ decision, IDdesign was found guilty of all charges. However, because the violations were found not to have been intentional but a consequence of negligent behavior, the fine was reduced to DKK 100.000 (approx. EUR 13.500). The Court’s main objectives for reducing the fine were:
That it was only IDdesign A/S’s revenue that was relevant when calculating the amount of the fine and not the entire Group’s revenue.
That this was the company’s first-time violation of the GDPR.
That the personal data was not of sensitive character and was only available in an old system that was no longer in use by the company.
That none of the data subjects had incurred any loss and the violation was more of a principal character, to which the Danish Data Protection Authority agreed.
Furthermore, the court emphasized that the company had taken significant measures to ensure that the company’s other systems and their processing of personal data were in compliance with the GDPR.
This judgment is of great importance for other cases currently being processed by the danish courts and will likely be referenced to in any future case with regard to the determination of fines.
The Danish Data Protection Agency’s guide on GDPR fines
Because the determination of fines can be particularly complex in cases of violation of the data protection rules, given the companies’ different sizes and the wide range of violations, the Danish Data Protection Authority issued a guide in this regard in January 2021.
The amount of the fine must first be determined according to the basic principles set out in Article 83 (4) of the GDPR. The fine may thus, depending on the extend of the violation, amount up to EUR 10 million, or in the case of an undertaking 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher, or up to EUR 20 million, or in case of an undertaking 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
However, the basic principles are determined on the basis of an overall proportionality consideration in relation to large companies, which have a turnover of up to and including DKK 500 million. The fine can thus be adjusted if the company is a micro, small or medium-sized company.
After determining the amount of the fine in accordance with the principles set out above, the fine can be adjusted according to the nature and duration of the violation. The size of the fine can thus be increased if there are aggravating circumstances, such as multiple offenses, or the fine can be reduced if there are mitigating circumstances, such as that the company has implemented procedures according to best practice for the area or profession in question. However, the fine can never exceed the maximum amounts stated above.
As a final point, the Danish Data Protection Agency has emphasized that the company's claim that a large fine will have a serious financial consequence for the data controller should be taken into account. A large fine that causes a company to go bankrupt must be assumed to be both effective and dissuasive, but it must also be proportionate, and it should, therefore, always be considered whether the goal can be achieved with a smaller fine.
CONTACT
Camilla Schack
+45 20 12 37 38
Invia richiesta
RÖDL & PARTNER DENMARK
Discover more about our offices in Denmark.
Read more »
DATA PROTECTON BITES
Our newsletter aims at collecting updates, news and insights on data protection matters worldwide,
with a special focus on the GDPR.
Read all releases »
Turn on more accessible mode
Turn off more accessible mode
Skip Ribbon Commands
Skip to main content
Turn off Animations
Turn on Animations
Deutschland
Weltweit
Search
Menu
