Page 1

Search

Later changes to
the regulation

HISTORIC

LAW No. 429 of 31/05/2000

Ministry of Justice

See detailed overview
ACT No. 280 of 25/04/2001 § 7

Personal Data Act

More information

ACT no. 552 of 24/06/2005 § 6

Act on the processing of personal data

LBK No. 158 of 09/03/2006

1)

ACT no. 519 of 06/06/2007 § 2
LAW No. 188 of 18/03/2009
ACT no. 503 of 12/06/2009 § 2

WE MARGRETHE THE SECOND, by the Grace of God, Queen of Denmark, truly do:

ACT no. 422 of 10/05/2011 § 2

The Folketing has passed and We by Our consent confirmed the following law:

ACT no. 1245 of 18/12/2012 § 1

Section I
LAW No. 606 of 12/06/2013

Introductory provisions

ACT no. 639 of 12/06/2013 § 1
ACT No. 410 of 27/04/2017 § 55

Chapter 1

ACT No. 426 of 03/05/2017 § 44
LAW No. 502 of 23/05/2018

Changes / cancels

Area of ​law
§ 1.§ 1. The Act applies to the processing of personal data which is wholly or partly carried out by means of electronic
data processing, and for non-electronic processing of personal data that is or will be contained in a register.

See detailed overview
LAW No. 572 of 19/12/1985
LBK No. 622 of 15/09/1986

PCS. 2. The Act also applies to other non-electronic systematic processing, which is carried out for private individuals and which
includes information on individuals' private or financial circumstances or otherwise information on personal matters,
which can reasonably be demanded to be withheld from the public. However, this does not apply to the rules in Chapters 8 and 9 of the Act.

PCS. (3) The Act also applies to the processing of information on companies, etc., cf. 1 and 2, if this
processing is performed for credit bureaus. The same applies to treatments that are covered by
§ 50, para. 1, No. 2.

PCS. 4. Chapter 5 also applies to processing of data concerning companies, etc., see. Paragraph. 1.
PCS. 5. Outside the in paragraph. In the cases mentioned in 3, the Minister of Justice may decide that the rules of the Act shall in whole or in part
apply to the processing of information about companies, etc., which is performed for private individuals.

PCS. 6. Outside the in paragraph. 4 mentioned cases, the relevant minister may decide that the rules of the law in whole or in part
shall apply to the processing of information on companies, etc., which is performed for the public administration.
§ 2.§ 2. Rules on the processing of personal data in other legislation, which gives the data subject a better legal position,
precedes the rules of this Act.

PCS. 2. The law does not apply if it would be contrary to the freedom of information and expression, cf.
Article 10 of the Convention on Human Rights.

PCS. 3. The Act does not apply to treatments that a natural person carries out for the purpose of carrying out activities
purely private character.

PCS. 4. The provisions of Chapters 8 and 9 of the Act and §§ 35-37 and § 39 do not apply to treatments that
made before the courts in the field of criminal justice. The provisions of Chapter 8 and §§ 35-37 and § 39 of the Act find
nor does it apply to proceedings before the police and the prosecution in criminal matters.

PCS. 5. The Act does not apply to the processing of information made to the Folketing and institutions
affiliation thereto.

PCS. 6. The Act does not apply to treatments covered by the Mass Media Act
information databases.

PCS. 7. The Act does not apply to information databases in which only it has already been entered
published periodicals or audio and video programs covered by section 1, no. 1 or 2 of the Media Liability Act,
or parts thereof when the entry in the information database has taken place unchanged in relation to the publication. However, applies
the provisions of sections 41, 42 and 69 of the Act.

PCS. 8. This Act shall also not apply to information databases which exclusively include already
published texts, images and sound programs covered by section 1, no. 3 of the Media Liability Act, or parts thereof, when
the entry in the information database has taken place unchanged in relation to the publication. However, the provisions of
§§ 41, 42 and 69 of the Act.

PCS. 9. The Act does not apply to manual archives of clippings from published, printed articles, which
treated exclusively for journalistic purposes. However, the provisions of sections 41, 42 and 69 of the Act apply.

PCS. 10. For the processing of information, which otherwise takes place solely for journalistic purposes, applies only
the provisions of sections 41, 42 and 69 of the Act. The same applies to the processing of information that takes place exclusively
for the purpose of artistic or literary activity.

PCS. 11. The Act does not apply to processing operations carried out for the police and defense intelligence services.

Chapter 2

Definitions
§ 3.§ 3. For the purposes of this Act:
1) Personal information:
Any information about an identified or identifiable natural person (the data subject).
2) Treatment:
Any operation or series of operations with or without the use of electronic data processing, such as information
be made the subject of.
3) Register with personal data (register):
Any structured collection of personal information that is available according to certain criteria, whether this
collection is located centrally, decentrally or is distributed on a functional or geographical basis.
4) The data controller:
The natural or legal person, public authority, institution or any other body which alone or
together with others decide for what purpose and with what aids treatment may be undertaken
information.
5) The data processor:
The natural or legal person, public authority, institution or any other body dealing with it
information on behalf of the data controller.
6) Third party:
Any natural or legal person, public authority, institution or body other than that
data subject, the data controller, the data processor and the persons under the data controller's or
the direct authority of the data processor empowered to process information.
7) Recipient:
The natural or legal person, public authority, institution or any other body to which
the information is communicated, whether or not it is a third party. Authorities that will be able to be notified
information in the context of an isolated request shall not be considered as recipients.
8) Consent of the data subject:
Any voluntary, specific and informed expression of will by which the data subject agrees that information,
relating to the person concerned shall be the subject of consideration.
9) Third country:
A State which is not a member of the European Community and which has not implemented agreements concluded with the
European Community, which contains rules corresponding to Directive 95/46 / EC of 24 October 1995 on protection
of natural persons in connection with the processing of personal data and on the free movement of such data
information.

Chapter 3

Geographical area of ​the law
§ 4.§ 4. The Act applies to the processing of information which is performed for a data controller established in Denmark, if
the activities take place within the territory of the European Community.

PCS. 2. The Act also applies to the processing carried out for Danish diplomatic missions.
PCS. 3. The law also applies to a data controller established in a third country if
1) the processing of information takes place using aids located in Denmark, unless
the aids are used only for the purpose of transmitting information through the European Community
area or
2) collection of information in Denmark takes place for the purpose of processing in a third country.

PCS. 4. Data controllers who, in accordance with para. 3, no. 1, is covered by this Act, shall appoint a representative who is
established in Denmark. The data subject's ability to take legal action against the data controller in question
not affected by this.

PCS. 5. The data controller must notify the Danish Data Protection Agency in writing of who has been appointed as the representative, cf.
PCS. 4.

PCS. 6. The law applies if a data controller established in another Member State processes information in
Denmark and the treatment are not covered by Directive 95/46 / EC of 24 October 1995 on the protection of individuals with regard to natural resources
in connection with the processing of personal data and on the free movement of such data. The law also applies if
for a data controller established in a State which has implemented an agreement with the European Community
contains rules corresponding to that in the 1st sentence. mentioned directive, information is processed in Denmark and the processing is not
covered by the said rules.
Section II
Treatment rules

Chapter 4

Processing of information
§ 5.§ 5. Information must be processed in accordance with good data processing practice.

PCS. 2. Collection of information must take place for explicitly stated and objective purposes, and subsequent processing must not
be incompatible with these purposes. Subsequent processing of information that occurs only in historical, statistical or
for scientific purposes, is not considered incompatible with the purposes for which the information was collected.

PCS. The information processed shall be relevant and adequate and shall not go beyond what is required
to fulfill the purposes for which the information is collected and the purposes for which the information is subsequently processed.

PCS. 4. The processing of information shall be organized in such a way that the necessary information is updated.
Furthermore, the necessary checks must be carried out to ensure that no incorrect or misleading treatment is taken
information. Information that proves to be incorrect or misleading must be deleted or corrected as soon as possible.

PCS. 5. Information collected must not be stored in a way that allows it to be identified
registered for a longer period than is necessary for the purposes for which the information is processed.
§ 6.§ 6. Processing of information may only take place if
1) the data subject has given his express consent to this,
The processing is necessary for the fulfillment of an agreement to which the data subject is a party or of
for the implementation of measures taken at the request of the data subject prior to the conclusion of
such an agreement,
3) the processing is necessary to comply with a legal obligation incumbent on the data controller;
4) the processing is necessary to protect the vital interests of the data subject;
5) the processing is necessary for the performance of a task in the interest of society,
6) the processing is necessary for the performance of a task that falls under the public domain
exercise of authority which the data controller or a third party to whom the information is disclosed has been
imposed, or
7) the processing is necessary for the data controller or the third party to whom the information is
may pursue a legitimate interest and the interests of the data subject do not exceed that interest.

PCS. 2. A business may not pass on consumer information to another business for use by
marketing or using the information on behalf of another company for this purpose, unless the consumer
has given its express consent to this. Consent must be obtained in accordance with the rules of
§ 6 a of the Marketing Act.

PCS. 3. Transmission and use as mentioned in para. 2 may, however, be done without consent in the case of general
customer information which forms the basis for division into customer categories and if the conditions in para. 1, no. 7, is fulfilled.

PCS. 4. Pursuant to para. 3, information as mentioned in §§ 7 and 8 is not passed on or used. The Minister of Justice may
lay down further restrictions on the access to or use of certain types of information pursuant to paragraph 1; 3.
§ 7.§ 7. No information about racial or ethnic background, political, religious or philosophical may be processed
beliefs, trade union affiliations, and health and sexuality information.

PCS. 2. The provision in para. Paragraph 1 shall not apply if:
1) the data subject has given his express consent to such processing;
2) the processing is necessary to protect the vital interests of the data subject or another person in cases,
where the person concerned is not physically or legally able to give his consent,
The processing concerns information which has been published by the data subject; or
4) the processing is necessary for a legal claim to be established, asserted or defended.

PCS. 3. Processing of information about trade union affiliations can also take place if the processing is
necessary for compliance with the data controller's labor law obligations or specific rights.

PCS. 4. A foundation, association or other non-profit organization whose purpose is political, philosophical, religious
or professional nature, may, within the framework of its activities, carry out the processing of the 1 mentioned information about
members of the organization or persons who, due to the purpose of the organization, are in regular contact with
this. Disclosure of such information may, however, only take place if the data subject has given his express notice
consent to this or the processing is covered by para. 2, nos. 2-4, or para. 3.

PCS. 5. The provision in para. Paragraph 1 shall not apply if the processing of information is necessary for the purpose of
preventive disease control, medical diagnosis, nursing or patient care, or management of medical and
health services, and the processing of the information is carried out by a person in the health sector who after
the law is subject to professional secrecy.

PCS. 6. Treatment of the in paragraph. 1 information may occur if the processing is necessary for the sake of a
the performance of its tasks in the field of criminal law by a public authority.

PCS. 7. Exemption from the provision in para. 1 may also be made if the processing of information takes place for reasons
relating to the consideration of important societal interests. The supervisory authority gives permission for this. There can
detailed conditions for the treatment are laid down. Where permission is granted, the supervisory authority shall notify
European Commission.

PCS. 8. For public administration, computer records may not be kept with information on political matters that are not
publicly available.
§ 8.§ 8. For the public administration, information on criminal matters, significant social, may not be processed
problems and other purely private matters than those in § 7, para. 1, unless it is necessary for the performance of
tasks of the authority.

PCS. 2. De i stk. The information referred to in paragraph 1 may not be disclosed. Disclosure may, however, be made if
1) the data subject has given his express consent to the transfer,
2) the transfer takes place for the protection of private or public interests that clearly exceed the interests of the
interests which justify secrecy, including the interests of the person to whom the information relates,
3) the disclosure is necessary for the performance of the activities of an authority or required for a decision which
the authority must take, or
4) the transfer is necessary for the performance of a person's or company's tasks for the public.

PCS. 3. Administrative authorities which carry out tasks in the social field may only pass on the 1
mentioned information and the information mentioned in § 7, para. 1, if the conditions in para. 2, No. 1 or 2, is fulfilled, or
if the transfer is a necessary part of the proceedings or necessary for an authority to carry out
supervisory or control tasks.

PCS. 4. Private bodies may process data on offenses, serious social problems and other purely private
conditions than those in § 7, para. 1, mentioned if the data subject has given his express consent to this. In addition, can
processing shall take place if it is necessary to pursue a legitimate interest and this interest clearly exceeds
consideration for the data subject.

PCS. 5. De i stk. The information referred to in paragraph 4 may not be disclosed without the express consent of the data subject. Disclosure
may, however, be done without consent when it is in the interest of public or private interests, including the consideration of it
the person himself, who clearly exceeds the interests of the justifier.

PCS. 6. Consideration of information in cases governed by paragraph. 1, 2, 4 and 5, may otherwise take place if
the conditions of § 7 are met.

PCS. 7. A complete register of criminal convictions may be kept only for a public authority.
§ 9.§ 9. Information as mentioned in § 7, para. 1, or § 8 may be dealt with if this is done solely for the purpose of leading
legal information systems of significant societal importance and if the processing is necessary for the conduct of
systems.

PCS. 2. The of para. The information covered by paragraph 1 may not be processed later for any other purpose. The same goes for treating
other information which is carried out solely for the purpose of maintaining legal information systems, cf. section 6.

PCS. 3. The supervisory authority may issue more detailed conditions for the 1 mentioned treatments. The same applies to
the information mentioned in § 6, which is only processed in connection with the operation of legal information systems.
§ 10.§ 10. Information as mentioned in § 7, para. 1, or § 8 may be dealt with if this is done solely for the purpose of performing
statistical or scientific studies of significant social significance and if the treatment is
necessary for the conduct of the surveys.

PCS. 2. The of para. The information covered by paragraph 1 may not later be processed in anything other than statistical or scientific
purpose. The same applies to the processing of other data which is carried out solely for statistical or scientific purposes,
see § 6.

PCS. 3. The of para. The information covered by paragraphs 1 and 2 may only be passed on to third parties with the prior permission of
the supervisory authority. The supervisory authority may set further conditions for the transfer.
§ 11.§ 11. Public authorities may process information on social security numbers for the purpose of unambiguous identification
or as a journal number.

PCS. 2. Private bodies may process data on personal number when
1) it follows from law or provisions laid down by law,
The data subject has given his express consent to this; or
3) the processing takes place solely for scientific or statistical purposes, or in the case of disclosure
of information on social security number when the transfer is a natural part of the normal operation of companies, etc.
of the species concerned and where the disclosure is essential to ensure the unambiguous identification of the
registered or the disclosure required by a public authority.

PCS. 3. Notwithstanding the provision in para. 2, no. 3, a personal identity number may not be published without express
consent.
§ 12.§ 12. Data controllers who, for marketing purposes, sell lists of groups of persons, or as for
third parties addressing or sending messages to such groups may only process
1) information on name, address, position, occupation, e-mail address, telephone and fax numbers,
2) information included in business registers which are in accordance with law or regulations laid down in accordance with law
intended to inform the public, as well
3) other information if the data subject has given express consent. Consent must be obtained in
in accordance with section 6 a of the Marketing Act.

PCS. 2. Information as mentioned in section 7, subsection 1, or § 8, may not, however, be dealt with. The Minister of Justice may determine
further restrictions on access to certain types of information.
§ 13.§ 13. Public authorities and private companies, etc. may not make automatic registration of which
phone numbers that have been dialed from their phones. Registration may, however, be made with prior permission from
the supervisory authority in cases where decisive considerations of private or public interest so warrant.
The supervisory authority may lay down more detailed conditions for registration.

PCS. 2. The provision in para. 1 does not apply if otherwise provided by law, or in the case of providers of telecommunications networks and
telecommunications services' registration of the telephone numbers to which calls have been made, either for personal use or for technical
control.
§ 14.§ 14. Information covered by this Act may be transferred for storage in an archive in accordance with the rules in the archives legislation.

Chapter 5

Disclosure to credit bureaus of public debt information
§ 15.§ 15. Pursuant to the provisions of this chapter, information on public debt may be passed on to
credit bureaus.

PCS. 2. Information as mentioned in section 7, subsection 1, or § 8, para. 1, may not be passed on.
PCS. 3. Confidential information disclosed in accordance with the rules of this Chapter shall not be considered public for that reason
available otherwise.
§ 16.§ 16. Information on debt to the public sector may be passed on to a credit information agency if
It follows from the law or provisions laid down by law; or
2) the total debt is overdue and exceeds DKK 7,500, however, this may not include debt items that are

covered by a compliance agreement on deferral or installment payment.

PCS. (2) It is a condition that the total debt, cf. 1, no. 2, is administered by the same recovery authority.
PCS. 3. It is also a condition for disclosure under para. 1, No. 2, at
1) the debt can be recovered by mortgaging and 2 reminders have been sent to the debtor,
2) an outlay has been made or attempted to be made for the claim,
The claim is determined by final judgment or
4) the government has acquired the debtor's written acknowledgment of the overdue debt.
§ 17.§ 17. The authority must give the debtor written notice thereof before disclosure takes place. Disclosure
must take place no earlier than 4 weeks after this notice has been given.

PCS. 2. The person referred to in para. The notification referred to in paragraph 1 shall contain information on
1) what information will be passed on,
2) to which credit information bureau the transfer will take place,
3) when transfer will take place, and
4) that transfer will not take place if payment of the debt takes place before the transfer or deferral is granted;
or an agreement on installment payment is entered into and complied with.
§ 18.§ 18. The Minister concerned may lay down further rules on the procedure for transfer to
credit bureaus of public debt information. In this connection, it may be determined that information
whether certain types of public debt may not be passed on or may only be passed on if additional conditions than
those mentioned in § 16 are met.

Chapter 6

Credit bureaus
§ 19.§ 19. Anyone who wishes to conduct business with the processing of information for the assessment of financial soundness and
creditworthiness with a view to disclosure (credit information agency), must obtain permission for this from the Danish Data Protection Agency,
before the treatment begins, cf. section 50, subsection 1, No. 3.
§ 20. Credit information agencies may only process information which, by its nature, is of significance for the assessment of
financial soundness and creditworthiness.

PCS. 2. Information as mentioned in section 7, subsection 1, and § 8, para. 4, must not be treated.
PCS. 3. Information on matters which are contrary to creditworthiness and which are more than 5 years old shall not be processed,
unless in the individual case it is obvious that the matter is of decisive importance for the assessment of it
the financial soundness and creditworthiness of the person concerned.
§ 21.§ 21. Credit information agencies shall, in accordance with § 28, para. 1, or § 29, para. 1, communicate the information that
referred to in these provisions, to the data subject.
§ 22. Credit information agencies must at all times at the request of the data subject within 4 weeks in an easily understandable
communicate to him the contents of the information and assessments provided by the Agency concerning the person concerned
within the last 6 months, as well as the other information provided by the Agency at the time of the request
keeps about the person in processed form or on digital medium, including available assessments.

PCS. 2. If the agency is in possession of additional material about the data subject, this must be notified to it at the same time
the person concerned with information about the nature of the material and that the data subject can access it by
personal inquiry to the agency.

PCS. The Agency shall also provide information on the category of recipients of the information as well as available
information on from which the in paragraph. The information mentioned in 1 and 2 originates.

PCS. 4. The data subject may request the agency's communication referred to in paragraph. 1-3 in writing. Minister of Justice
lays down rules on payment for written communications.
§ 23.§ 23. Information on financial solvency and creditworthiness may only be communicated in writing, cf., however, § 22, subsection. 1-3.
However, the Agency may provide subscribers with summary information orally or in a similar manner, provided that:
the name and address of the questioner are recorded and kept for at least 6 months.

PCS. 2. Publications of credit bureaus may contain summary information only and be distributed only
to individuals or companies who subscribe to messages from the agency. The publications must not contain
information on the personal identity number of the data subjects.

PCS. 3. Summary information on guilt may only be disclosed if the information originates from Statstidende,
is reported by a public authority in accordance with the rules of Chapter 5, or if the information relates to guilt to
the same creditor of more than DKK 1,000 and the creditor has either acquired the data subject's written recognition of a
overdue debt or if legal action has been taken against the person concerned. Information on finally approved
However, debt restructuring must not be passed on. Those in 1st and 2nd point. the said rules also apply to the disclosure of summary
debt information in connection with the preparation of broader credit ratings.

PCS. 4. Disclosure of summary information about individuals' guilt may only take place in such a way that
the information can not form the basis for the assessment of financial soundness and creditworthiness for anyone other than them
individuals concerned.
§ 24. Information or assessments that prove to be incorrect or misleading must be deleted as soon as possible or
corrected.
§ 25.§ 25. If an information or assessment that proves to be incorrect or misleading has previously been passed on,
the Agency shall immediately notify the data subject in writing to the data subject and to any person who has received the information;
or the assessment within the last 6 months before the agency has become aware of the matter. The registered shell
also have notification of who has received notification pursuant to the first sentence, and from whom the information or assessment
originates.
§ 26. Inquiries from a data subject about deletion, correction or blocking of information or assessments that
is stated to be incorrect or misleading, or about deletion of information that may not be processed, cf. section 37, subsection 1, shall
as soon as possible and within 4 weeks of receipt will be answered in writing by the agency.

PCS. 2. If the Agency refuses to carry out the requested deletion, correction or blocking, the data subject may within 4
weeks after receipt of the Agency's reply or after the expiry of the 1 mentioned response time bring the question for
The Danish Data Protection Agency, which decides whether deletion, correction or blocking is to be carried out. The provision in
Section 25 applies correspondingly.

PCS. 3. The Agency's replies shall, in the 2 mentioned cases contain information about the right to bring the matter
for the Danish Data Protection Agency and the deadline for this.

Chapter 7

Transfer of information to third countries
§ 27.§ 27. Information may only be transferred to a third country if that country ensures a sufficient level of protection,
cf. 3.

PCS. 2. The assessment of the adequacy of the level of protection in a third country shall be made on the basis of all the
circumstances affecting a transfer, in particular the nature of the information, the purpose and duration of the processing,
the country of origin and the country of final destination, as well as the legal rules, rules of good business practice and
security measures applicable in the third country.

PCS. 3. In addition to those in para. In the case referred to in paragraph 1, information may be transferred to a third country if:
1) the data subject has given express consent,
2) transfer is necessary for the fulfillment of an agreement between the data subject and the data controller
or for the purpose of implementing measures taken at the request of the data subject prior to
conclusion of such an agreement,
3) transfer is necessary for the conclusion or execution of an agreement in the interest of the data subject
entered into between the data controller and third parties,
4) transfer is necessary or follows from law or provisions laid down by law to protect an important
societal interest or for a legal claim to be established, asserted or defended,
5) transfer is necessary to protect the vital interests of the data subject;
6) transfer takes place from a register that is accessible by law or regulations laid down by law
for the public or for persons who can prove that they have a legitimate interest in it, in so far as they in
the conditions laid down by law for public access are met in the specific case
7) transfer is necessary for the prevention, investigation and prosecution of criminal offenses as well
enforcement and protection of defendants, witnesses or others in criminal proceedings or
8) transfer is necessary for reasons of public security, national defense or state security.

PCS. 4. Outside the in paragraph. In the cases referred to in paragraph 3, the supervisory authority may authorize the transfer of information to
third countries which do not comply with paragraph 1, provided that the data controller provides adequate guarantees for the protection of the
data subjects' rights. Detailed conditions for the transfer can be set. The Authority shall inform the European
Authorizations granted by the Commission and the other Member States under this provision.

PCS. 5. The rules in this Act shall otherwise apply to the transfer of information to third countries pursuant to subsection (1). 1, 3 and 4.
Section III
Rights of data subjects

Chapter 8

Duty to provide information to the data subject
§ 28. When collecting information from the data subject, the data controller or his representative shall provide it
registered notification of the following:
1) The identity of the data controller and his representative.
2) The purposes of the processing for which the information is intended.
3) Any additional information which, having regard to the particular circumstances in which the information is,
collected are necessary for the data subject to pursue his interests, such as:
a) The categories of recipients.
b) Whether it is mandatory or voluntary to answer questions asked and possible consequences of not answering.
c) On the rules on access to and rectification of the information relating to the data subject.

PCS. 2. The provision in para. 1 does not apply if the data subject is already familiar with those mentioned in nos. 1-3
information.
§ 29.§ 29. Where information is not collected from the data subject, it is the responsibility of the data controller or his
representative at the time of registration, or where the information collected is intended for disclosure to third parties, at the latest
when the information is passed on, to notify the data subject of the following:
1) The identity of the data controller and his representative.
2) The purposes of the processing for which the information is intended.
3) Any additional information which, having regard to the particular circumstances in which the information is,
collected are necessary for the data subject to pursue his interests, such as:
a) The type of information in question.
b) The categories of recipients.
c) On the rules on access to and rectification of the information relating to the data subject.
Page 2

PCS. 2. The provision in para. 1 does not apply if the data subject is already familiar with those mentioned in nos. 1-3
information, or if the registration or disclosure is expressly provided for by law or the provisions of
according to law.

PCS. 3. The provision in para. 1 also does not apply if notification of the data subject proves impossible or is
disproportionately difficult.
§ 30.§ 30. The provisions of § 28, para. 1, and § 29, para. 1, does not apply if the data subject's interest in becoming aware of
the information is found to give way to overriding reasons relating to private interests, including the interests of the person concerned
self.

PCS. 2. Exemption from the provisions of § 28 para. 1, and § 29, para. 1, may also be made if the data subject's interest in
to become aware of the information is found that should give way to crucial considerations of public interest, including in particular to
1) state security,
2) the defense,
3) public security,
4) prevention, investigation, detection and prosecution in criminal proceedings or in connection with breaches of ethics;
rules for regulated professions,
Substantial economic or financial interests of a Member State or the European Union, including
foreign exchange, budgetary and fiscal matters, and
6) control, supervision or regulatory tasks, including tasks of a temporary nature, which form part of the
exercise of public authority in the areas referred to in points 3-5.

Chapter 9

The data subject's right of access
§ 31.§ 31. If a person submits a request to this effect, the data controller shall give the person in question notice as to whether
information about the person is processed. If such information is processed, it must be provided in an easily comprehensible manner
the registered notification of
1) what information is being processed,
2) the purpose of the treatment,
The categories of recipients of the information; and
4) available information on where this information comes from.

PCS. 2. The controller must soon answer requests referred to in paragraph. If the request is not answered before 4
weeks after receipt, the data controller shall inform the person concerned of the reason for this, as well as when
the decision can be expected to be available.
§ 32.§ 32. The provisions of § 30 apply correspondingly.

PCS. 2. Information processed for the public administration as part of administrative case processing may
exempted from the right of access to the same extent as under the rules in section 2 of the Public Access to Information Act and sections 7-11 and 14.

PCS. 3. There is no right of access to information processed before the courts if the information is included in text which:
not available in final form. However, this does not apply if the information has been passed on to a third party. That's not right
for insight into voting protocols and other minutes of court deliberations as well as material prepared by the courts
for the purpose of deliberation.

PCS. 4. The provision in section 31, subsection Paragraph 1 shall not apply if the information is processed exclusively in
for scientific purposes or where the information is stored only in the form of personal data for the period required;
to compile statistics.

PCS. 5. For the processing of information in the field of criminal justice carried out for the public administration may
the Minister of Justice stipulate exceptions from the right to obtain information pursuant to section 31, subsection 1, insofar as the provision in § 32,
PCS. 1, cf. herewith section 30, must be assumed to entail that requests for the right of access in general must be rejected.
§ 33.§ 33. A registered person who has been notified pursuant to § 31, para. 1, is not entitled to a new notification before 6 months
after the last notification, unless a special interest is demonstrated therein.
§ 34.§ 34. Notifications in accordance with § 31, para. 1, must be given in writing on request. In cases where the consideration for it
registered speakers therefore, notice may, however, be given in the form of an oral notification of the content of the information.

PCS. (2) The Minister of Justice may lay down rules on payment for notices given in writing by private individuals
companies etc.

Chapter 10

Other rights
§ 35.§ 35. The data subject may at any time object to the data controller that information about
the person is made the subject of treatment.

PCS. 2. If the objection under subsection. 1 is justified, the processing may no longer include the information in question.
§ 36.§ 36. If a consumer objects to this, a company may not pass on information about it.
concerned to another company for the purpose of marketing or using the information on behalf of another
business for this purpose.

PCS. 2. Before the company disclose any information about a consumer to another company in order
marketing or using the information on behalf of another company for this purpose, it shall examine in CPR,
whether the consumer has declined inquiries for marketing purposes. Before information about a consumer who is not in
CPR has refused such inquiries, is passed on or used as mentioned in the first sentence, the company must clearly and
in an understandable manner inform about the right to object under para. 1. The consumer must at the same time be given access to a
easy way within two weeks to make such an objection. The information may not be disclosed before the deadline to do so
objection has expired.

PCS. 3. Contacts to consumers under subsection. 2 must otherwise take place in accordance with the rules in
§ 6 a of the Marketing Act and rules issued pursuant to § 6 a, subsection 1 of the Marketing Act. 6.

PCS. 4. The company may not demand payment for the processing of an objection.
§ 37.§ 37. The data controller must correct, delete or block information that proves incorrect or misleading or on
similar manner is treated in violation of law or regulations issued pursuant to law if a registered person
makes a request to that effect.

PCS. 2. The data controller shall notify the third party to whom the information is transmitted that they
transmitted information has been corrected, deleted or blocked in accordance with para. 1, if a registered person submits
request. However, this does not apply if the notification proves impossible or is disproportionately difficult.
§ 38.§ 38. The registered person may revoke a consent.
§ 39.§ 39. If a registered person objects to this, the data controller may not arrange for it to
data subjects are subject to decisions which have legal effects on or otherwise significantly affect the person concerned, and
taken solely on the basis of electronic data processing of information intended to assess certain
Personal relationships.

PCS. 2. The provision in para. 1 does not apply if
1) the decision in question is taken as part of the conclusion or fulfillment of an agreement, if it was registered;
request for conclusion or performance of the agreement has been complied with or is deemed appropriate
measures to protect the legitimate interests of the data subject; or
2) the decision in question is based on a law that contains provisions for the protection of the data subject
legitimate interests.

PCS. 3. The data subject has the right to be informed by the data controller as soon as possible and without undue delay,
which decision rules are behind a decision as mentioned in para. Section 30 shall apply correspondingly.
§ 40. The data subject may complain to the relevant supervisory authority about the processing of information concerning it
concerned.
Section IV
Security

Chapter 11

Treatment safety
§ 41.§ 41. Persons, companies, etc. who perform work under the data controller or data processor and who receive
access to information may only process it on the instructions of the data controller, unless otherwise provided by law or
provisions laid down by law.

PCS. 2. The person referred to in para. The instructions referred to in paragraph 1 shall not restrict or impede journalistic freedom
the provision of an artistic or literary product.

PCS. 3. The data controller must implement appropriate technical and organizational security measures to prevent
information is accidentally or unlawfully destroyed, forfeited or degraded, and against the access of unauthorized persons;
knowledge, is abused or otherwise treated in violation of the law. The same applies to data processors.

PCS. 4. For information which is processed for the public administration and which is of particular interest to strangers
powers, measures must be taken to enable disposal or destruction in the event of war or the like.
relationship.

PCS. (5) The Minister of Justice may lay down further rules on the provisions of subsection (1). 3 listed safety precautions.
§ 42. When a data controller entrusts a processing of information to a data processor, the data controller must ensure
states that the data processor may take the in § 41, para. 3-5, the said technical and organizational safety measures, and
make sure this happens.

PCS. 2. Processing by a data processor shall be carried out in accordance with a written agreement between the parties
between. The agreement must state that the data processor only acts on the instructions of the data controller, and that
the rules in § 41, para. 3-5, also applies to the processing by the data processor. If the data processor is established in a
other Member State, the agreement shall stipulate that the provisions on security measures laid down in
the law of the Member State in which the data processor is established applies to it.
Section V
Review

Chapter 12

Notification of treatments performed for the public administration
§ 43.§ 43. Before initiating a processing of information which is carried out for the public administration,
the data controller or his representative is notified to the Danish Data Protection Agency, cf., however, section 44. The data controller may
authorize other authorities or individuals to make a notification on its behalf.

PCS. The notification must contain information on the following:
1) Name and address of the data controller, his possible representative and of any data processor.

2) The name and purpose of the treatment.
3) A general description of the treatment.
4) A description of the categories of data subjects and of the types of information relating to them.
5) Recipients or categories of recipients to whom the information may be transferred.
6) Intended transfers of information to third countries.
7) A general description of the measures taken in the interests of safety of treatment.
8) The time of commencement of treatment.
9) The time of deletion of the information.
§ 44. Processing that does not include information of a confidential nature is exempt from the rules in § 43, cf. 2. En
such processing may, without notification, further include identification information, including social security number, and
information on payment to and from a public authority, except in the case of a processing as mentioned in section 45,
PCS. 1.

PCS. (2) The Minister of Justice shall lay down detailed rules on the provisions of subsection (1). 1 mentioned treatments.
PCS. 3. Treatments whose sole purpose is to keep a register which according to laws or regulations issued pursuant to the Act
is intended to inform the public and is accessible to the public is also exempt from the rules of
§ 43.

PCS. 4. The Minister of Justice may lay down rules that certain types of processing of information are exempted from
the provision in § 43. However, this does not apply to treatments as mentioned in § 45, para. 1.
§ 45.§ 45. Before processing, which is covered by the notification obligation in § 43, is initiated, the Data Inspectorate's opinion must
obtained when
1) the processing includes information covered by section 7, subsection 1, and § 8, para. 1,
2) the processing takes place solely for the purpose of maintaining legal information systems,
The treatment takes place solely for scientific or statistical purposes; or
4) the processing includes the compilation or interconnection of information for control purposes.

PCS. (2) The Minister of Justice may lay down rules that the opinion of the supervisory authority must be obtained before the implementation of other
than those in para. 1 mentioned treatments.
§ 46. Amendments to the provisions of § 43, para. 2, the information mentioned must be notified to the supervision prior to implementation. Changes
of minor importance can be notified subsequently, however no later than 4 weeks after the implementation.

PCS. 2. Prior to the implementation of changes in the provisions of section 43, subsection 2, information mentioned in reviews of treatments,
which is covered by section 45, subsection 1 or 2, the opinion of the supervisor must be obtained. Changes of minor importance shall
only notified. Notification can be made subsequently, however no later than 4 weeks after the implementation.
§ 47.§ 47. In cases where the data responsibility is delegated to a subordinate authority and the supervisory authority cannot agree to the performance of
a processing, the case is submitted to the relevant minister, who decides on the case.

PCS. 2. Can the inspectorate not agree to the execution of a processing carried out before a municipal authority,
the case is submitted to the Minister of the Interior, who decides on the case.

Chapter 13

Notification of treatments performed for a private data controller
§ 48.§ 48. Prior to initiating a processing of information which is carried out for a private data controller,
the data controller or his representative is notified to the Danish Data Protection Agency, cf., however, section 49.

PCS. (2) The notification must contain the information that appears in section 43, subsection 2.
§ 49.§ 49. Processing of information is, except for those in § 50, para. 2, specified cases, except from the rules in § 48, when
The processing includes information about employees, insofar as the processing does not include information such as
mentioned in § 7, para. 1, and § 8, para. 4,
The treatment includes information on the health conditions of employees, to the extent that the treatment of
the health information is necessary to comply with provisions of law or regulations laid down by law,
3) the processing includes information about employees whose registration is required as a result of collective
collective agreement or collective agreement in the labor market,
4) the processing includes information about customers, suppliers or other business associates, to the extent
the processing does not include information as mentioned in section 7, subsection 1, and § 8, para. 4, or to the extent not in question
treatments as referred to in § 50, para. 1, No. 4,
5) the processing is carried out for the purpose of conducting market research, insofar as the processing is not
includes information as mentioned in § 7, para. 1, and § 8, para. 4,
6) the processing is carried out by an association or the like, to the extent that only information about is processed
members of the association,
7) the processing is carried out by lawyers or accountants as part of their business, to the extent that only
processing information regarding client relationships,
8) the treatment is performed by doctors, nurses, dentists, clinical dental technicians, pharmacists,
therapy assistants, chiropractors and similar persons licensed to practice within
health and nursing care to the extent that the information is used solely for the purposes of this business and
the processing of the information does not take place in a private hospital, or
9) the treatment is performed for use by an occupational health service.

PCS. (2) The Minister of Justice shall lay down detailed rules on the provisions of subsection (1). 1 mentioned treatments.
PCS. (3) The Minister of Justice may lay down rules to the effect that other types of proceedings are exempted from the provision in section 48.
However, this does not apply to treatments that are covered by section 50, subsection 1, unless the treatments are exempted pursuant to section 50, subsection 3.
§ 50.§ 50. Prior to the commencement of a processing which is covered by the notification obligation in § 48, the Danish Data Protection Agency shall
permission is obtained when
1) the processing includes information as mentioned in section 7, subsection. 1, and § 8, para. 4,
2) the processing of the information takes place in order to warn others against business relations with or
employment relationship with a registered,
3) the processing takes place for the purpose of professional disclosure of information for assessment of financial
solvency and creditworthiness,
The treatment takes place with a view to professional assistance in the event of a vacancy; or
5) the processing takes place solely for the purpose of maintaining legal information systems.

PCS. 2. In the case of transfer of information as mentioned in para. 1 to third countries pursuant to section 27, subsection 1, and para. 3, nos. 2-4, shall
The Danish Data Protection Agency's permission is obtained for the transfer, regardless of whether the processing is otherwise exempt from notification pursuant to
§ 49, para. 1.

PCS. (3) The Minister of Justice may stipulate exceptions from the provisions in subsection (1). 1, no. 1, and para. 2.
PCS. (4) The Minister of Justice may lay down rules that prior to the initiation of other persons subject to notification
treatments than those in para. 1 or 2 must obtain permission from the inspectorate.

PCS. 5. In connection with the granting of a permit pursuant to subsection 1, 2 or 4 lay down detailed conditions for
the execution of the treatments to protect the privacy of the data subjects.
§ 51.§ 51. Amendments to the provisions of § 48, para. 2, cf. § 43, para. 2, the information mentioned must be notified to prior to the implementation
supervision. Changes of minor importance can be notified subsequently, however, no later than 4 weeks after the implementation.

PCS. 2. Prior to the implementation of changes in the provisions of section 48, subsection 2, cf. § 43, para. 2, mentioned information in reviews of
treatments which are covered by section 50, subsection 1, 2 or 4, the Danish Data Protection Agency's permission must be obtained. Changes of minor
significant significance must be notified only. Notification can be made subsequently, however no later than 4 weeks after the implementation.

Chapter 14

Notification of proceedings before the courts
§ 52.§ 52. The rules in §§ 43-46 apply to notification to the National Board of Justice of the processing of information made for
the courts.

Chapter 15

Other provisions
§ 53.§ 53. Data processors who are established in Denmark and who carry out computer service activities must first
at the beginning of the processing, notify the Danish Data Protection Agency.
§ 54.§ 54. The supervisory authority must keep a list of the treatments notified in accordance with §§ 43, 48 and 52.
The list, which must at least contain the information specified in section 43, subsection 2, must be available for
the public.

PCS. (2) A data controller shall provide the data referred to in section 43, subsection 2, nos. 1, 2 and 4-6, mentioned information on all the treatments which
performed for him, available to anyone who so requests.

PCS. 3. The public's access to the list referred to in paragraph 1 1, and the information mentioned in para.
2, may be limited to the extent necessary for the prevention, investigation and prosecution of offenses or
vital considerations of private interests make it necessary.
Section VI
Supervision and final provisions

Chapter 16

The Data Inspectorate
§ 55.§ 55. The Danish Data Protection Agency, which consists of a council and a secretariat, supervises all processing covered by the Act, cf.
however, Chapter 17.

PCS. 2. The day - to - day operations of the Authority are handled by the Secretariat, headed by a Director.
PCS. 3. The Council, set up by the Minister of Justice, shall consist of a chairman who is a judge and of 6 other members.
Deputies may be appointed for the members. The members and deputies of these are appointed for 4 years.

PCS. 4. The Council shall establish its rules of procedure and the detailed rules for the division of labor between the Council and
secretariat.
§ 56.§ 56. The Danish Data Protection Agency performs its functions in full independence.
§ 57.§ 57. When preparing executive orders, circulars or similar general legal regulations that are important for
the protection of privacy in connection with the processing of information, an opinion must be obtained from the Danish Data Protection Agency.
§ 58.§ 58. The Danish Data Protection Agency ensures, on its own initiative or after a complaint from a data subject, that the processing takes place in
in accordance with the law and rules issued pursuant to the law.

PCS. (2) The Authority may at any time revoke a decision made in accordance with section 27, subsection 4, or § 50, para. 2, cf. § 27,
PCS. 1, or para. 3, nos. 2-4, if the European Commission decides that no transfer of
information to certain third countries, or that such a transfer is lawful. However, this only applies if
the revocation is necessary to comply with the Commission decision.
§ 59.§ 59. The Danish Data Protection Agency may order a private data controller to cease processing that may not take place after this
law, and to correct, delete or block certain information that is subject to such processing.

PCS. 2. The Authority may prohibit a private data controller from using a specified procedure in connection with this
with the processing of information if the Authority finds that the procedure in question entails a significant risk
for the processing of information in violation of the law.

PCS. 3. The Authority may order a private data controller to take certain technical and organizational measures
security measures against the processing of information which may not be processed, that information is accidental or
illegally destroyed, lost or degraded, as well as against them coming to the knowledge of unauthorized persons, being abused or
otherwise treated in violation of the law.

PCS. (4) The Authority may, in special cases, issue an order or prohibition to data processors, cf. 1-3.
§ 60. The Danish Data Protection Agency shall make a decision before the competent authority in cases concerning § 7, subsection. 7, § 9, para. 3, § 10,
PCS. 3, § 13, para. 1, § 27, para. 4, §§ 28-31, § 32, para. 1, 2 and 4, §§ 33-37, § 39 and § 58, para. 2.

PCS. 2. In other cases, the Authority shall issue opinions to the data controller.
§ 61.§ 61. The Danish Data Protection Agency's decisions pursuant to this Act may not be appealed to another administrative authority.
§ 62. The Danish Data Protection Agency may require any information that is important for its activities, including to decide whether
a relationship falls under the provisions of the law.

PCS. 2. The members and staff of the supervisory authority shall at all times have access to proper identification without a court order
all premises from which a treatment carried out for the public administration is administered, or from where there is
access to the information being processed, as well as to premises where the information or technical aids are stored
or used.

PCS. 3. The provision in para. 2 applies correspondingly to processing operations carried out for private data controllers in it
the extent of the treatment is covered by section 50.

PCS. 4. The provision in para. 2 shall also apply in respect of the processing performed by data processors such as
mentioned in § 53.
§ 63.§ 63. The Danish Data Protection Agency may decide that notifications and applications for permits pursuant to this Act and amendments thereto may
or must be submitted in a specified manner.

PCS. 2. DKK 1,000 shall be paid for the submission of the following notifications and applications for permits in accordance with this Act:
1) Notification in accordance with § 48.
2) Permission in accordance with section 50.
3) Notification in accordance with § 53.

PCS. 3. A notification referred to in paragraph. 2, nos. 1 and 3, is only considered to have been submitted when payment has been made. The Data Inspectorate can
provide that an authorization as referred to in paragraph 2, no. 2, is not notified until payment has been made.

PCS. 4. The provisions of para. 2, nos. 1 and 2, does not apply to treatments that take place exclusively in scientific
or statistical purposes.

PCS. 5. If a treatment must both be notified in accordance with section 48 and permitted in accordance with section 50, only one fee is paid.
§ 64. The Danish Data Protection Agency may, on its own initiative or at the request of another Member State, ensure that a processing of
information that takes place in Denmark is legal, regardless of whether the treatment in question is subject to another
legislation of a Member State. The provisions of §§ 59 and 62 apply correspondingly.

PCS. 2. The Danish Data Protection Authority may pass on information to supervisory authorities in other Member States to the extent that it is
necessary to ensure compliance with the provisions of this Act or of the Member State concerned
data protection legislation.
§ 65.§ 65. The Danish Data Protection Agency submits an annual report on its activities to the Folketing. The report is published. The audit
may, moreover, publish its opinions. The provision in section 30 applies correspondingly.
§ 66. The Danish Data Protection Agency and the National Board of Justice cooperate to the extent necessary to fulfill their duties,
in particular by exchanging all relevant information.

Chapter 17

Supervision of the courts
§ 67.§ 67. The National Board of Justice supervises the processing of information carried out before the courts.

PCS. 2. The supervision shall include the processing of information concerning the administrative matters of the courts.
PCS. 3. For the second processing of information, a decision shall be made by the relevant court. The decision can be appealed to a higher court
right. For special courts, whose decisions cannot be appealed to a higher court, it may in the 1st sentence. the said decision is appealed to
the district court in whose district the court is located. The appeal deadline is 4 weeks from the day the decision is notified to the person in question.
§ 68. For the National Board of Justice's exercise of supervision in accordance with § 67, the provisions of §§ 56 and 58, § 62, para. 1, 2 and
4, § 63, para. 1, and § 66. The decisions of the National Board of Justice are final.

PCS. 2. In the preparation of executive orders or similar general legislation that is relevant to
the protection of privacy in connection with the processing of information carried out before the courts must be obtained
a statement from the National Board of Justice.

PCS. 3. The National Board of Justice publishes an annual report on its activities.

Chapter 18

Liability for damages and penalties
§ 69. The data controller shall compensate for damage caused by processing in violation of the provisions of this Act,
unless it is proved that the damage could not have been averted by the due diligence and care required in
in connection with the processing of information.
§ 70.§ 70. Unless a higher penalty is due under the other legislation, the person who in
in connection with a treatment carried out for private,
1) violates § 4, para. 5, § 5, para. 2-5, § 6, § 7, para. 18 pcs. 4, 5 and 7, § 9, para. 2, § 10, para. 2 and 3, 1st sentence, § 11, para. 2
and 3, § 12, para. 1 and para. 2, 1st sentence, § 13, para. 1, 1st sentence, §§ 20-25, § 26, para. 1 piece. 2, 2nd sentence, and para. 3, § 27, para. 1, § 28,
PCS. 1, § 29, para. 1, § 31, §§ 33 and 34, § 35, para. 2, §§ 36 and 37, § 39, para. 1 and 3, § 41, para. 1 and 3, § 42, § 48, § 50, para. 1 and 2,
§ 51, § 53 or § 54, para. 2,
2) fails to comply with the Danish Data Protection Agency's decision pursuant to section 5, subsection 1, § 7, para. 7, § 13, para. 1, 2nd sentence, § 26, para. 2, 1st sentence,
§ 27, para. 4, §§ 28 and 29, § 30, para. 1, § 31, § 32, para. 1 and 4, §§ 33-37, § 39, § 50, para. 2, or § 58, para. 2,
3) fails to comply with the Danish Data Protection Agency's requirements pursuant to section 62, subsection 1,
4) prevents the Danish Data Protection Agency from gaining access pursuant to section 62, subsection 3 and 4,
5) overrides conditions as mentioned in § 7, para. 7, § 9, para. 3, § 10, para. 3, § 13, para. 1, § 27, para. 4, § 50, para. 5, or one
condition or condition of a permit under rules issued under the Act or
6) fails to comply with prohibitions or injunctions issued in accordance with section 59 or in accordance with rules issued in
pursuant to the law.

PCS. 2. Unless a higher penalty is due under other legislation, the person who in
in connection with a processing carried out for public authorities, violates section 41, subsection 3, or § 53 or
overrides conditions as mentioned in § 7, para. 7, § 9, para. 3, § 10, para. 3, § 13, para. 1, § 27, para. 4, or a condition or a condition
for a permit under rules issued under the Act.

PCS. 3. Unless a higher penalty is due under other legislation, the person who in
in the case of processing which is subject to the legislation of another Member State, fails to comply
The Danish Data Protection Agency's decisions pursuant to section 59 or to meet the Danish Data Protection Agency's requirements pursuant to section 62, subsection 1, or prevents the Danish Data Protection Agency from obtaining
access pursuant to section 62, subsection 3 and 4.

PCS. 4. In rules issued pursuant to the Act, a penalty of a fine or fine may be imposed.
PCS. 5. Criminal liability may be imposed on companies etc. (legal persons) in accordance with the rules in Chapter 5 of the Criminal Code.
§ 71.§ 71. Anyone who conducts or is engaged in business as mentioned in § 50, para. 1, nos. 2-5, or § 53, may by judgment for
criminal offense, the right to do so is denied if the expelled offense justifies an imminent danger of abuse. Moreover
finds the Penal Code § 79, para. 3 and 4, application.

Chapter 19

Final provisions, including entry into force provisions, etc.
§ 72.§ 72. The Minister in question may, in special cases, lay down detailed rules for treatments carried out for it
public administration.
§ 73.§ 73. The Minister of Justice may lay down detailed rules for certain types of treatment which are performed for private individuals
data controllers, including that certain types of information may not be processed.
§ 74.§ 74. Trade associations or other bodies representing other categories of private data controllers may in
cooperate with the Danish Data Protection Agency, draw up codes of conduct that will contribute to the correct application of the rules in this
law.
§ 75.§ 75. The Minister of Justice may lay down rules which are necessary for the implementation of those of the European Community
decisions taken for the implementation of the Directive on the protection of individuals with regard to natural resources
in connection with the processing of personal data and on the free movement of such data, or rules which are
necessary for the application of Community acts in the field of the Directive.
§ 76.§ 76. The Act enters into force on 1 July 2000.

PCS. 2. Act on registers of public authorities, cf. Executive Order no. 654 of 20 September 1991, and Act on private
registers, etc., cf. Executive Order no. 622 of 2 October 1987, are repealed.

PCS. 3. The members of the Register Council shall take over as members of the Data Council until the Minister of Justice has appointed them
The members of the Data Council.

PCS. 4. Executive Order no. 160 of 20 April 1979 on the rules of procedure of the Register Council, etc., applies to the Danish Data Protection Agency
business until it is repealed or replaced by rules issued pursuant to this Act.

PCS. 5. Device no. 73 of 5 March 1979 on the regulations for registers, etc. drawn up pursuant to the Act on
public authorities' registers, not entered in the Official Gazette, are repealed.

PCS. 6. Complaints or supervision cases established before 24 October 1998 shall be completed in accordance with the current rules.
rules. The Danish Data Protection Agency exercises the competence which, according to these rules, belongs to the Danish Register Authority.

PCS. 7. The Danish Data Protection Agency also performs the tasks that are performed by the Danish Register Authority in accordance with legislation.
§ 77.§ 77. For treatments carried out for private individuals and which have been initiated before 24 October 1998, the rules in Chapter 13 shall
be fulfilled by 1 October 2000.

PCS. 2. For proceedings carried out before public authorities and commenced before 24 October 1998,
the rules in Chapters 12 and 14 must be complied with by 1 April 2001.

PCS. 3. Treatments initiated before 24 October 1998 may continue without permission for 16 weeks in accordance with the law.
entry into force if permission to do so is to be obtained in accordance with the rules in section II of the Act or the provision in subsection (1). 7.

PCS. 4. Treatments launched October 24, 1998 or later, but before the commencement of the Act, may continue
without prior notification, opinion or permission for 16 weeks after the entry into force of the Act.

PCS. 5. Notification must be made no later than 16 weeks after the entry into force of the Act in accordance with the provision in section 53.
PCS. (6) The Minister of Justice may lay down rules to the effect that in subsection The time limits referred to in paragraphs 1 and 2 shall be extended.
PCS. 7. In very special cases, the supervisory authority may, upon application, determine that treatments have been initiated
before the entry into force of the Act, may continue notwithstanding the treatment rules in Title II.

Page 3

§ 78.§ 78. Treatments which before the entry into force of the Act have been notified in accordance with § 2, para. 3, 2nd sentence, in the Act on private registers, etc., can
continue in accordance with the current rules until 1 October 2001. The Danish Data Protection Agency exercises the competence which according to these
rules apply to the Norwegian Register Authority.

PCS. 2. Treatments referred to in paragraph. 1 must comply with section 5 and sections 41 and 42 of the Act. For these treatments, it may
data subjects require the correction, deletion or blocking of information that is inaccurate or misleading, or which
stored in a manner incompatible with the legitimate purposes pursued by the data controller. The Data Inspectorate leads
supervision in accordance with the rules in Chapter 16 of the Act.
§ 79.§ 79. A consent given in accordance with the rules hitherto in force applies to treatments that
is made after the entry into force of the Act, if the consent meets the requirements of section 3, no. 8 of this Act, in conjunction with section 6, no.
1, § 7, para. 2, no. 1, § 8, para. 2-5, § 11, para. 2, no. 2, or para. 3, or § 27, para. 3, No. 1.
§ 80. In Act no. 572 of 19 December 1985 on public access to public administration, as last amended by Act no. 276 of 13 May
1998, the following amendment is made:
1.1. § 5 pieces. 3 is replaced by the following:

"PCS. 3. The Minister concerned may lay down rules on the public's access to be made known
lists as mentioned in para. 2, which is not covered by the Personal Data Processing Act. There can below
rules on payment shall be laid down. "
§ 81.§ 81. Act no. 430 of 1 June 1994 on mass media information databases is amended as follows:
1.1. In § 3, para. 1 and 3, and § 6, para. 1, 'Registertilsynet' is changed to: 'Datatilsynet'.
2.2. The following provision is inserted as new section 11 a :
§»§1111a.a. The necessary security measures must be taken against information in publicly available
information databases are modified by unauthorized persons. '
3.3. § 16, para. 1, no. 1, is replaced by the following:
»1) violates § 4, § 5, § 7, § 8, para. 1, § 9, nos. 2 and 3, § 11, para. 1 and 3, or § 11 a. «
4.4. Section 17 is replaced by the following:
»§
§ 17.
17.A mass media shall compensate for damage caused by treatment in violation of the provisions of this Act,
unless it is proved that the damage could not have been averted by the due diligence and care required in
in connection with the processing of information. The general compensation rules of the legislation also apply.

PCS. 2. The general rules of law on punishment apply to cases covered by this Act.
PCS. 3. Criminal liability may be imposed on companies etc. (legal persons) in accordance with the rules in Chapter 5 of the Criminal Code. '
§ 82. In the Real Estate Registration Act, cf. Statutory Order no. 622 of 15 September 1986, as last amended by § 2 of Act no. 1019
of 23 December 1998, are amended as follows:
1.1. In § 50 d, para. 1, is inserted instead of »Registertilsynet«: »Domstolsstyrelsen«.
2.2. § 50 d, para. 2 and 3 are replaced by the following:

"PCS. 2. The National Board of Justice supervises the land registry registers. The decisions of the National Board of Justice are final.
PCS. (3) The Minister of Justice shall lay down detailed rules on this supervision after negotiation with the National Courts Agency. '
§ 83.§ 83. The Act does not apply to the Faroe Islands, but may by royal decree be brought into force for the national authorities
processing of information with the deviations required by the special Faroese conditions. The law does not apply to either
Greenland, but can by royal decree be put into effect with the deviations that the special Greenlandic conditions dictate.

Given at Christiansborg Castle, 31 May 2000
Under Our Royal Hand and Seal
Margrethe R.
/ Frank Jensen

Official notes

1)

The law implements Directive 95/46 / EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with physical disabilities

persons in connection with the processing of personal data and on the free movement of such data (Official Journal)
1995 L 281, page 31 ff.).

About

Visit too

Retsinformation.dk is the entrance to the common state legal information system, which provides access to all applicable laws,
executive orders and circulars, etc. There is also access to the Folketing's documents and reports from the Folketing's
Ombudsman.
Cookies are not used on retsinformation.dk.
Go to the declaration of accessibility for this website on the Danish Digitization Agency's website
About Legal Information

Contact

FAQ

About ELI

Select site

