Your Rights Under GDPR and DatabeskyttelseslovenDenmark

Researched by , Head Researcher

Primary sources cited; not legal advice.

Last verified:

Source: EU GDPR + Databeskyttelsesloven (Lov nr 502 af 23 maj 2018); Datatilsynet.

Sourced from Danish Acts of Parliament (love), executive orders (bekendtgørelser), and official government guidance. Written in plain language for general understanding — this is educational content, not legal advice. Our editorial standards

Danish National Law

What is this right?

Denmark operates under EU GDPR + Databeskyttelsesloven (Lov nr 502 af 23 maj 2018). Data-subject rights: access (Art 15), rectification (16), erasure (17), restriction (18), portability (20), objection (21). Regulator: Datatilsynet at datatilsynet.dk. Administrative fines up to €20 million or 4% of annual global turnover.

When does it apply?

  • A controller refuses to disclose, correct, or delete your data.
  • You withdraw consent but processing continues.
  • You are a victim of a data breach.
  • Direct marketing without consent.
  • You wish to object to profiling.

Using Your Rights Under GDPR in Denmark

  1. Send a written subject access request to the controller. One-month response under GDPR Art 12.
  2. If unsatisfied, complain to Datatilsynet at datatilsynet.dk.
  3. For damages, civil litigation under GDPR Art 82.

What should you NOT do?

  • Don't skip the controller's internal channel.
  • Don't provide more identifying data than necessary.

Common Questions

How long does Datatilsynet take to respond?

Initial acknowledgment is typically within a few weeks; full investigation can take months for complex cases. Datatilsynet publishes annual reports with case statistics. For cross-border GDPR cases, the EU One-Stop-Shop mechanism applies and timelines can extend.

Can I claim damages?

Yes — Article 82 GDPR allows compensation for material and non-material damage. Claims proceed via Danish civil courts (byret / landsret). Recent CJEU rulings have clarified that non-material damage requires actual demonstrated harm.

When does it applyyour rights under gdpr and databeskyttelsesloven?

A controller refuses to disclose, correct, or delete your data.You withdraw consent but processing continues.You are a victim of a data breach.Direct marketing without consent.You wish to object to profiling.

What are my data-protection rights in Denmark?

Send a written subject access request to the controller. One-month response under GDPR Art 12.If unsatisfied, complain to Datatilsynet at datatilsynet.dk.For damages, civil litigation under GDPR Art 82.

What should you NOT doyour rights under gdpr and databeskyttelsesloven?

Don't skip the controller's internal channel.Don't provide more identifying data than necessary.

More in Data Privacy & Digital Rights

Removing Non-Consensual Intimate Imagery (NCII)NCII in Denmark is criminal under Straffeloven §264d — unauthorised passing on of images or messages relating to private...Read more →Cyberstalking and Online Harassment in DenmarkOnline harassment in Denmark falls under Straffeloven: §264d (privacy / image-based abuse), §266 (threats — trusler), §2...Read more →
← Browse all Data Privacy & Digital Rights

Last verified:

You came here to know your rights — help someone else know theirs.

Support This Mission