Data security under Danish data protection law

No derogating provisions.

The Danish Data Protection Agency provides for guidance on data security on its website: https://www.datatilsynet.dk/generelt-om-databeskyttelse/hvordan-beskytter-du-personoplysninger/ (in Danish)

In addition, guidance on how to conduct a risk assessment has been published: https://www.datatilsynet.dk/emner/persondatasikkerhed/risikovurdering/ (in Danish)

According to the Agency, the following international standards provide for adequate guidance when assessing data security:

  • ISO 29151 (Code of practice for personally identifiable information protection)
  • ISO 29134 (Guidelines for privacy impact assessment)
  • ISO 27001 and ISO 27002 (Information security management systems and Code of practice for information security controls)
  • Article 29 Working Party (WP250): Guidelines on Personal data breach notification under Regulation 2016/679: https://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=49827 (in English)