Privacy Blog
Danish DPA Proposed a Fine to Danske Bank
The Danish Data Protection Authority (“the DPA”) has reported Danske Bank to the Danish police and proposed a fine of DKK 10 million (app.1.3 million EUR) for the infringement of Article 5 (2) of the GDPR. This concludes a case that the DPA opened in November 2020 after the bank itself had stated that they had identified a problem with the deletion of personal data in which there was not necessarily a commercial justification for continuing to process.
During the DPA’s investigation, it has become clear that the bank in more than 400 systems has not been able to document whether rules have been laid down for deletion and storage of personal data, or whether manual deletion of personal data has been carried out. These systems process the personal data of millions of people.
You can reach further information here.
Kind regards,
Zumbul Attorneys at Law