Denmark
Danske Bank
1,300,000 €
GDPR enforcement action by Danish Data Protection Authority (Datatilsynet) on 2022-04-05.
Rank · Sector
#24
of 322 in Finance, Insurance and Consulting
Rank · Denmark
#1
of 29
Rank · All fines
#150
of 3,050
Case details
- Authority
- Danish Data Protection Authority (Datatilsynet)
- Date
- 2022-04-05
- Controller / Processor
- Danske Bank
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 5 (2) GDPR
- Type of violation
- Non-compliance with general data processing principles
Summary
The Danish DPA has imposed a fine of EUR 1.3 million on Danske Bank. The DPA had opened an investigation against the bank after it informed the DPA that it had a problem with the deletion of personal data.
During the investigation, the DPA found that the bank had failed to document the rules for deletion and storage of personal data in more than 400 systems. Consequently, the bank was unable to prove that such rules, which are required under the GDPR, existed.
The DPA considered this to be a breach of the bank's accountability obligation under Art. 5 (2) GDPR.
Open original source
Links to the regulator's original publication or another source.
Related fines
Denmark
2025-09-02
200,900 €
ETid-2891
ILVA A/S
Industry and Commerce
Denmark
2019
160,000 €
ETid-21
Taxa 4x35
Transportation and Energy
Denmark
2020-07-28
147,800 €
ETid-361
Arp Hansen Hotel Group A/S
Accomodation and Hospitality
Denmark
2022-06-22
134,000 €
ETid-1241
Gyldendal A/S
Media, Telecoms and Broadcasting
Denmark
2021-09-29
107,000 €
ETid-857
Danish Cancer Society
Health Care
Denmark
2021-07-09
80,700 €
ETid-757
Medicals Nordic I/S
Health Care