Gyldendal A/S – €134,000 Fine (Denmark, 2022)

€134,000Datatilsynet (Denmark)22 June 2022Denmark
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Denmark's data protection authority fined Gyldendal A/S EUR 134,000 for keeping former book club members' data longer than necessary. The company failed to delete data for over 10 years and lacked a proper data deletion process. This case highlights the importance of having clear data retention policies.

What happened

Gyldendal A/S kept data of unsubscribed book club members for over 10 years without deleting it.

Who was affected

Former members of Gyldendal's book clubs who had unsubscribed but whose data was still retained.

What the authority found

The Danish authority found that Gyldendal violated GDPR by not deleting personal data when it was no longer needed.

Why this matters

This fine emphasizes the need for companies to implement strict data retention and deletion policies. Businesses should regularly review their data management practices to ensure compliance with GDPR.

GDPR Articles Cited

AI-verified

Art. 5(1)(e) GDPR
View original scraped data
Art. 5(1)(e) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
verified correct
Denmark enforcementDatatilsynet (Denmark) actionsAll Gyldendal A/S actions
Full Legal Summary
Detailed

The Danish DPA has fined publisher Gyldendal A/S EUR 134,000. During its investigation, the DPA found that the company had kept the data of approximately 685,000 unsubscribed members of Gyldendal's book clubs longer than necessary. Instead of deleting the data of the deregistered book club members, Gyldendal kept the data in a database. The data of approximately 395,000 of the former members affected were kept for more than 10 years. In addition, the DPA found that Gyldendal did not have a procedure or guidelines for data deletion.

Related Enforcement Actions (1)

Other enforcement actions involving Gyldendal A/S in DK

Current
Jun 2022

Fine

€134K

Violation Found
Apr 2023· Datatilsynet (Norway)

The Danish publishing house Gyldendal A/S (the processor) offered a service to secondary education institutions. The service was used by teachers to c...

Details

Fine Date

22 June 2022

Authority

Datatilsynet (Denmark)

Fine Amount

€134,000

Enforcement Tracker ID

ETid-1241

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Gyldendal A/S - Denmark (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: