Danish Cancer Society – €107,000 Fine (Denmark, 2021)

€107,000Datatilsynet (Denmark)29 September 2021Denmark
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Danish Cancer Society was fined EUR 107,000 for not securing personal data properly, leading to several data breaches. These breaches included computer thefts and phishing attacks, compromising sensitive health data of over 1,400 people. This case underscores the need for strong security measures to protect personal data.

What happened

The Danish Cancer Society failed to implement adequate security measures, resulting in data breaches affecting sensitive health information.

Who was affected

At least 1,448 individuals whose sensitive personal health data was compromised due to inadequate security measures.

What the authority found

The Danish DPA fined the Danish Cancer Society for not having proper security measures in place, violating GDPR's requirements for data protection.

Why this matters

This case shows the importance of implementing robust security measures to protect personal data, especially sensitive health information. Organizations must regularly update their security protocols to prevent breaches and comply with GDPR.

GDPR Articles Cited

AI-verified

Art. 32 GDPR
Art. 33 GDPR
View original scraped data
Art. 32 GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
articles corrected
Denmark enforcementDatatilsynet (Denmark) actionsAll Danish Cancer Society actions
Full Legal Summary
Detailed

The Danish DPA has fined the Danish Cancer Society EUR 107,000 for failing to comply with the requirements of the GDPR regarding appropriate security measures. The Danish Cancer Society had reported four data breaches according to Art. 33 GDPR to the DPA. Two of these involved computer thefts, two phishing attacks - and all four were due to the Danish Cancer Foundation's failure to implement technical and organizational measures to ensure a level of security appropriate to the risk to data subjects. A similar personal data breach already occurred in August 2018, when the Foundation fell victim to phishing and spoofing hacking attacks. In this context, the Danish Cancer Society stated that it should increase protection through multifactor authentication, however, this was not implemented. The data of at least 1,448 individuals was compromised, and in several cases it involved sensitive personal health data, including medical history.

Related Enforcement Actions (0)

No other enforcement actions found for Danish Cancer Society in DK

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

29 September 2021

Authority

Datatilsynet (Denmark)

Fine Amount

€107,000

Enforcement Tracker ID

ETid-857

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Danish Cancer Society - Denmark (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: