Danish Immigration Agency – €20,100 Fine (Denmark, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Danish Immigration Agency was fined €20,100 for losing data due to poor IT security measures. This data loss led to incorrect legal actions against residents, such as reducing benefits or police reports. The case shows how important it is for organizations to have strong data protection measures in place.
What happened
The Danish Immigration Agency lost data due to inadequate security measures, affecting residents' legal rights.
Who was affected
Residents whose data was lost, leading to incorrect legal actions against them.
What the authority found
The Danish DPA found that the agency lacked necessary technical and organizational measures to protect data, violating GDPR.
Why this matters
This case highlights the importance of robust data security practices, especially for organizations handling sensitive information. It serves as a reminder that data breaches can have serious legal and personal consequences for affected individuals.
GDPR Articles Cited
The Danish DPA has imposed a fine of EUR 20,100 on the Danish Immigration Agency. Media reports brought the DPA's attention to possible logging errors in one of the agency's IT systems, which could have an impact on the rights and freedoms of residents. The DPA consequently started an investigation at the agency. In spring and summer 2020, several security incidents occurred in the agency's systems, resulting in the loss of data records. The loss of data led to proceedings being initiated against a number of residents regarding the reduction of their cash benefits, and a number of residents being reported to the police for non-compliance with the provisions of the Foreigners Act. During its investigation, the DPA found that a lack of technical and organizational measures allowed the incident to occur. For instance, the agency had not made adequate backups of the data processed, although this would have been necessary in view of the legal consequences a loss of the data could mean for the immigrants.
Related Enforcement Actions (0)
No other enforcement actions found for Danish Immigration Agency in DK
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
17 August 2021
Authority
Datatilsynet (Denmark)
Fine Amount
€20,100
Enforcement Tracker ID
ETid-1420
About this data
Cite as: Cookie Fines. Danish Immigration Agency - Denmark (2021). Retrieved from cookiefines.eu
Last updated: