Danske Bank – €1,300,000 Fine (Denmark, 2022)

€1,300,000Datatilsynet (Denmark)5 April 2022Denmark
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Danish DPA fined Danske Bank €1.3 million for not documenting how it deletes and stores personal data. The bank couldn't show it had rules for handling data, which is required by GDPR. This case emphasizes the importance of having clear documentation for data management.

What happened

Danske Bank failed to document its data deletion and storage rules across more than 400 systems.

Who was affected

Individuals whose personal data was stored without documented rules for deletion and storage.

What the authority found

The Danish DPA found that Danske Bank violated GDPR's accountability requirement by not documenting data management rules.

Why this matters

This ruling stresses the importance of documenting data handling procedures. Businesses should ensure they have clear records of how they manage personal data to comply with GDPR.

GDPR Articles Cited

AI-verified

Art. 5(2) GDPR
View original scraped data
Art. 5(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
verified correct
Denmark enforcementDatatilsynet (Denmark) actionsAll Danske Bank actions
Full Legal Summary
Detailed

The Danish DPA has imposed a fine of EUR 1.3 million on Danske Bank. The DPA had opened an investigation against the bank after it informed the DPA that it had a problem with the deletion of personal data. During the investigation, the DPA found that the bank had failed to document the rules for deletion and storage of personal data in more than 400 systems. Consequently, the bank was unable to prove that such rules, which are required under the GDPR, existed. The DPA considered this to be a breach of the bank's accountability obligation under Art. 5 (2) GDPR.

Related Enforcement Actions (2)

Other enforcement actions involving Danske Bank in DK

Fine
Apr 2022· Datatilsynet (Denmark)

In 2020, Danish Bank reported an issue with personal data deletion to the Danish DPA. In its investigation, the DPA discovered that the bank lacked po...

€1.3M
Current
Apr 2022

Fine

€1.3M

Violation Found
Jun 2022· Datatilsynet (Norway)

Danske Bank (controller) had developed an electronic registry database for invoices, which was connected to the controller's 'District platform' appli...

Details

Fine Date

5 April 2022

Authority

Datatilsynet (Denmark)

Fine Amount

€1,300,000

Enforcement Tracker ID

ETid-1114

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Danske Bank - Denmark (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: