No derogating provisions.
The Danish Data Protection Agency provides for guidance on data security on its website: https://www.datatilsynet.dk/generelt-om-databeskyttelse/hvordan-beskytter-du-personoplysninger/ (in Danish)
In addition, guidance on how to conduct a risk assessment has been published: https://www.datatilsynet.dk/emner/persondatasikkerhed/risikovurdering/ (in Danish)
According to the Agency, the following international standards provide for adequate guidance when assessing data security:
- ISO 29151 (Code of practice for personally identifiable information protection)
- ISO 29134 (Guidelines for privacy impact assessment)
- ISO 27001 and ISO 27002 (Information security management systems and Code of practice for information security controls)
- Article 29 Working Party (WP250): Guidelines on Personal data breach notification under Regulation 2016/679: https://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=49827 (in English)