Denmark: Issued Interim Ruling by Data Protection Agency on Netcompany's Alleged Failure to Implement Security Measures

On 12 January 2024, Datatilsynet, the Data Protection Agency reported Netcompany to the police and recommended a fine of at least DKK 15 million. The agency found that Netcompany, as the data controller, failed to implement adequate security measures during the development of mit.dk, a digital mail solution for citizens and businesses. An error in the coding allowed users unauthorised access to other users' digital mail, including confidential and sensitive information. Further, Netcompany failed to conduct an impact analysis before the launch of the solution. As a result, Datatilsynet recommendad its largest fine so far.