The Danish Parliament has adopted the Danish Data Protection Act

The act will to some extent replace the Danish Act on Processing of Personal Data and it will enter into force simultaneously with the General Data Protection Regulation on 25 May 2018.

The purpose of the act is to implement the GDPR in the Danish law and no members of the Parliament voted against the act under the voting today.  

However, the Danish Data Protection Act has encountered opposition from different borders, be owing that the act allows public authorities to use personal data on private individuals to another purpose than the one the data originally was collected to. 

Consequently, private individuals are exposed for the risk that their personal information is being processed for another purpose than the one they initially gave their consent to. 

The criticism comes from that, the GDPR for a lawful processing requires that the data subject has given consent to the processing of his or hers personal data for one or more specific purposes cf. the General Data Protection Regulation article 6. 

To counter the criticism the Parliament has introduced a processing that requires the approval of two expert committees in the Parliament, before the authority in question lawfully can use the collected information for a new purpose.  

The re-use of data is not conditional upon the authority serving notice to the person concerned. 


Article provided by: Dr. Claas Thöle (Partner, Njord Law Denmark)


Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

Director CPC project: Dr. Tobias Hö