Close this search box.
AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Harbor cooperation between DPO, Legal Services, IT and Marketing
Turn data subject request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Guide your partners trough vendor management process workflow
Identifying the risk from the point of view of Data Subject
Quickly respond, mitigate damage and maintain compliance
Consolidate your data and prioritize your relationship with customers
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

GDPR fine: Danske Bank fined €1.3 million over non-compliant data deletion processes

GDPR fine Danske Bank fine €1.3 million for non compliant data deletion policy

On April 5, The Danish Data Protection Agency (Datatilsynet) reported Danske Bank to the police and issued a €1.3 million (DKK 10 million) fine for not being able to demonstrate a compliant data deletion process along with the violation of Art. 5 (2) GDPR.

In November 2020, Datatilsynet initiated the investigation after the Bank itself stated that they have identified a problem with personal data deletion and processing of personal data that was no longer necessary for the business purposes of the Bank.

The Datatilsynet’s investigation

The investigation uncovered that the Danske Bank did not document rules set up for storage and deletion of personal data, and could not demonstrate that manual deletion of personal data has been carried out in more than 400 Banks systems that process personal data of millions of individuals. 

As Kenni Elm Olsen, specialist consultant at the Datatilsynet stated; 

“One of the basic principles of the GDPR is that you can only process information you need – and when you no longer need it, it must be deleted. When it comes to an organization the size of Danske Bank, which has many and complex systems, it is particularly crucial that you can also document that the deletion actually takes place.”

The reason behind high fine

The Danish Data Protection Authority justified the high amount of the fine by the seriousness of the case, stating that Danske Bank has violated one of the basic principles of the General Data Protection Regulation as well as the number of people that were affected by the violation.

Compliant data removal

Each personal data collected by the company goes through a personal data lifecycle. Data is collected through different channels, and processed for everyday business operations. After the lawful basis for processing expires, personal data has to be archived for legal and documentation purposes and eventually removed.

Privacy solutions, like Data Privacy Manager, facilitate automatic instructions to a different system when data deletion needs to be executed and enables you to define data retention and data removal operationalization on different data categories.

Data Privacy Manager’s automated services answer two key questions:

  1. WHICH data subject’s data needs to be removed?
  2. WHEN does this data need to be removed?

Continue reading

Storage limitation principle -How long should you keep personal data?

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top