Denmark: Fine against Danske Bank for data protection violations

On 5 April 2022, the Danish Data Protection Agency (DDPA) has found that Danske Bank was unable to demonstrate that personal data was erased in line with data protection standards and therefore imposed a fine of DKK 10 million on the bank (the highest data protection fine imposed until now). The DDPA had opened the investigation in November 2020, after the bank stated that they had detected an issue with the erasure of personal data for which there was no commercial reason for continued processing. According to the DPPA's inquiry, the bank was unable to show that procedures for the deletion and storage of personal data were in place in more than 400 systems, or that manual erasure of personal data was performed, violating privacy rules.