Danish Data Protection Act (Databeskyttelsesloven)
Denmark's Data Protection Act (Databeskyttelsesloven) implements the EU GDPR and adds national provisions. It is enforced by the Danish Data Protection Agency (Datatilsynet). The Act contains specific rules for processing sensitive data, including health and biometric data, and governs the use of the national civil registration number (CPR). The 2022 amendment incorporated EU Court of Justice rulings (e.g., Schrems II) and clarified data protection impact assessments and cross‑border data transfer requirements.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (6)
DK 502/2018: Controller Obligations
| Code | Title |
|---|---|
| DK-502-§24 | Data protection officer (databeskyttelsesrådgiver) |
| DK-502-§26 | Prior consultation with Datatilsynet |
DK 502/2018: Datatilsynet (Supervisory Authority)
| Code | Title |
|---|---|
| DK-502-§27 | Datatilsynet establishment and supervision |
| DK-502-§29 | Datatilsynet information and inspection powers |
| DK-502-§31 | Third-country transfer determinations (post Schrems II) |
| DK-502-§37-38 | Supervision of the courts (Domstolsstyrelsen) |
DK 502/2018: Lawful Basis and Special Categories
| Code | Title |
|---|---|
| DK-502-§10 | Health and genetic data for research and statistics |
| DK-502-§11 | Processing of national identification numbers (CPR) |
| DK-502-§12 | Processing in the employment context |
| DK-502-§13 | Disclosure of consumer data and direct marketing |
| DK-502-§5 | Purpose limitation |
| DK-502-§6 | Lawful basis for processing |
| DK-502-§7 | Sensitive and special categories of data |
| DK-502-§8 | Public-sector processing of criminal-offence data |
DK 502/2018: Remedies and Penalties
| Code | Title |
|---|---|
| DK-502-§39-40 | Complaints and right to compensation |
| DK-502-§41 | Penalties (fines and imprisonment) |
| DK-502-§46-48 | Commencement, transitional and territorial scope |
DK 502/2018: Scope and Supplementation
| Code | Title |
|---|---|
| DK-502-§1 | Supplementation and implementation of the GDPR |
| DK-502-§2-4 | Scope, relationship to other law, and deceased persons |
| DK-502-§3-AGE | Age of consent for information society services (13) |
DK 502/2018: Transfers and Credit Information
| Code | Title |
|---|---|
| DK-502-§14 | Transfers of personal data to third countries |
| DK-502-§19-21 | Credit information agencies (kreditoplysningsbureauer) |
Maps to 1 other framework
Frequently Asked Questions
What is Danish Data Protection Act (Databeskyttelsesloven)?
Danish Data Protection Act (Databeskyttelsesloven) is a compliance framework from Denmark with 6 domains and 22 controls. Denmark's Data Protection Act (Databeskyttelsesloven) implements the EU GDPR and adds national provisions. It is enforced by the Danish Data Protection Agency (Datatilsynet). The Act contains specific rules for processing sensitive data, including health and biometric data, and governs the use of the national civil registration number (CPR). The 2022 amendment incorporated EU Court of Justice rulings (e.g., Schrems II) and clarified data protection impact assessments and cross‑border data transfer requirements. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Danish Data Protection Act (Databeskyttelsesloven) have?
Danish Data Protection Act (Databeskyttelsesloven) has 22 controls organised across 6 domains. The largest domains are DK 502/2018: Lawful Basis and Special Categories (8 controls), DK 502/2018: Datatilsynet (Supervisory Authority) (4 controls), DK 502/2018: Remedies and Penalties (3 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Danish Data Protection Act (Databeskyttelsesloven) map to?
Danish Data Protection Act (Databeskyttelsesloven) maps to 1 other compliance frameworks. The top mapping partners are GDPR (23% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Danish Data Protection Act (Databeskyttelsesloven) compliance?
Start your Danish Data Protection Act (Databeskyttelsesloven) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Danish Data Protection Act (Databeskyttelsesloven) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 22 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required