News
Data protection22.11.2017

Written By

Guidelines on consent

22.11.2017

The EU General Data Protection Regulation will enter into force in the not too distant future, and the ‎fourth set of guidelines on the GDPR has therefore been issued.

The Danish Data Protection Agency and the Danish Ministry of Justice recently issued their fourth set of ‎guidelines on the GDPR. This time, the guidelines concern processing consent.‎

The GDPR introduces stricter rules on consent by listing several specific conditions for when consent is a ‎valid basis for processing. In addition, additional requirements are introduced with regard to the ‎documentation required to show that valid consent has been obtained.‎

The guidelines may serve as a guide for when valid consent has been obtained and what the ‎consequences will be if consent is withdrawn. Moreover, the last part of the guidelines contains a check ‎list which may be used to check that all conditions have been satisfied. The guidelines involve the Bill ‎that was recently introduced in the Danish Parliament to supplement the provisions of the GDPR, which ‎proposes among other things to allow processing of employee data based on the employee’s consent.‎

The guidelines are available here (in Danish).

The content of the above is not, and should not be a substitute for legal advice.

More about the subject

NewsData protection15.12.2020

Must the Data Protection Agency be notified in case of an “internal” personal data breach?

The Data Protection Agency has expressed criticism of a municipality, inter alia, because the municipality had failed to notify a personal data breach to the Agency or communicate the breach to the affected employee.

Read More
NewsData protection12.10.2020

Right of access to internal working documents? Must the names of employees be disclosed?

According to the Data Protection Agency, an insurance company was justified in not providing access to an internal working document as well as the names of the company’s employees to a former customer.

Read More
NewsData protection09.09.2020

Control measures: duty to provide information and transparency

The Data Protection Agency recently completed five inspections focused on employers’ duty to provide information when using control measures towards employees.

Read More
NewsData protection27.08.2020

Access to work emails? Can a request to access data be too extensive?

Under the GDPR, a data controller must provide a data subject with access to all personal data which the data controller processes about him or her, if the data subject requests it. However, the data controller may refuse to act on such a request if, for example, the scope of the request for access is excessive.

Read More