Home

persondataforordningen

The persondataforordningen, commonly known in English as the General Data Protection Regulation (GDPR), is the European Union framework governing the processing of personal data. It took effect on 25 May 2018 and applies to organizations established in the EU as well as those outside the EU that offer goods or services to, or monitor the behavior of, individuals in the Union. It replaces the 1995 Data Protection Directive and aims to create a harmonized privacy regime across member states.

The regulation is based on core principles: lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy;

Data subjects have rights including access to data, rectification, erasure, restriction of processing, data portability, and

Controllers and processors must implement data protection by design and by default, perform data protection impact

Transfers outside the European Economic Area require safeguards. Enforcement is carried out by national supervisory authorities,

In Denmark, the GDPR is complemented by the Databeskyttelsesloven, and the regulatory authority is Datatilsynet.

storage
limitation;
integrity
and
confidentiality;
and
accountability.
Personal
data
includes
anything
that
can
identify
a
person,
directly
or
indirectly.
objection
to
processing,
as
well
as
protections
against
automated
decision-making
in
many
cases.
Processing
must
have
a
lawful
basis,
such
as
consent,
performance
of
a
contract,
legal
obligation,
vital
interests,
public
task,
or
legitimate
interests.
assessments
for
high-risk
processing,
maintain
records
of
processing
activities,
appoint
a
data
protection
officer
in
certain
cases,
and
notify
authorities
of
data
breaches
within
72
hours
when
risk
exists.
with
penalties
up
to
20
million
euros
or
4%
of
global
annual
turnover,
whichever
is
higher.