Right of access
In contrast to the old rules, a data subject may request the right to access at reasonable intervals (the old six-month rule does not apply any longer). Also, no fee may be charged; however, for an additional request, a reasonable fee may be charged to cover administrative costs.
The Danish Data Protection Agency provides a template to comply with the right of access: https://www.datatilsynet.dk/media/6813/skabelon_til_en_aftale_vedroerende_faelles_dataansvar.docx (in Danish)
Derogation to the right of access
The DPA provides that there should be no right to access information, if essential considerations of private or public interests override the data subject’s interests (DPA Section 22(1)-(2)). Public interest includes: national security; defense; public security; the prevention, investigation, detection or prosecution of criminal offences; or the enforcement of criminal penalties.
However, only information that is actually subject to the private or public interest may be withheld from the data subject.
The rule will be relevant in relation to handling of whistleblowing reports, where subject access requests may be denied, or regarding trade-secret protection.
Also, where the processing of data takes place exclusively for scientific or statistical purposes, an access request may be denied (DPA Section 22(6)).