Uncategorized

GDPR i Danmark

By December 4, 2025December 8th, 2025No Comments

GDPR i Denmark

In a nutshell In a nutshell: The EU GDPR is the framework, and i Denmark is supplemented it is by Data Protection Act and guidelines from Data Protection Authority. For companies it means: The same EU principles for data protection – plus some Danish special special rules and practice, I must to know.

What is particularly Danish about GDPR?

  • CPR number (social security number)
    Processing of CPR is specifically regulated in Section 11 ofthe Danish Data Protection Act . There are narrow conditions for when private individuals may process and disclose CPR – for example, when required by law, by explicit consent or when unique identification is essential. The Danish Data Protection Agency has brief overviews of when this is permitted.
  • Information about criminal offenses
    Denmark has national provisions in § 8 (that are based on GDPR art. 10). This means stricter requirements and limited legal basis when processing criminal data – typically only in special and clearly justified situations.
  • Camera and TV surveillance
    In addition to GDPR, the following applies; the TV Surveillance Act and the Danish Data Protection Agency’s practices on signage, deletion, security, etc. The Danish Data Protection Agency has a single entry page and a specific guide for private companies.
  • Consent – not always necessary
    Consent is only one basis for processing among several. The Danish Data Protection Agency emphasizes that you can (and should) often use other legal bases – depending on the situation and data type.

What does the Data Protection Authority expect from you in practice?

  • Clear legal frameworks for each treatment (contract, legal obligation, legitimate interest, etc.). The Danish Data Protection Agency explains basic concepts and choice of legal basis.
  • Transparency and understandable language in privacy texts and collection (forms, recruitment, CCTV signs).
  • Data minimization and deletion – store no more and no longer than necessary (monitoring also has separate guidance on deletion and security).
  • Security that matches the riskAccess management, logging, encryption, breach response.
  • Documentation – Records, decision notes (e.g. for legitimate interest), logs and training certificates.

Authorities and “lead” supervision

Data Protection Authority is the independent authority in Denmark. If you have cross-border processing, you can generally have one lead supervisory authority (one-stop-shop) where, the most important decisions for that processing are made – but other affected supervisory authorities may still have a role.

What does does this mean for your everyday life?

  • How to use EU rules as a baseline – and check Danish special rules for CPR, criminal matters and surveillance when they come into play.
  • Ensure Danish, clear language in information to data subjects in Denmark.
  • Before acquiring systems (SaaS, cameras, HR/CRM): clarify processing basis, Danish special requirements and agreements (e.g. data processing agreement) – especially if the supplier handles CPR or surveillance recordings.

Train the entire organizationquickly

Grape’s GDPR Course (Danish/English, approx. 30 min, 7 modules) makes it it easy to raise the level and document efforts i audits.

SEE MORE about GDPR