Danish Data Protection Authority

Datatilsynet, also known as the Danish Data Protection Authority, is the supervisory body tasked with overseeing compliance with data protection legislation in Denmark, including the European Union’s General Data Protection Regulation and the national Data Protection Act. It provides guidance to organisations and individuals on how to process personal data lawfully, handles complaints from data subjects, and conducts inspections and audits of both public and private entities. The authority’s remit covers all sectors that process personal data, ranging from healthcare and finance to education and technology, ensuring that the rights of individuals are respected across the Danish market. It also maintains a register of data processing activities and issues opinions on draft legislation that may affect privacy. Through these functions, Datatilsynet aims to foster a culture of data protection and to enforce accountability for data controllers and processors.

As an independent supervisory authority, Datatilsynet operates under the auspices of the Danish Ministry of Justice but exercises functional independence in its decision‑making processes, allowing it to act impartially when enforcing the law. Its organisational structure includes leadership and governance bodies responsible for strategic direction and operational execution. The authority’s headquarters is situated in Denmark, reflecting its national mandate, and it cooperates closely with other European data protection authorities through the European Data Protection Board. Notably, in September 2023 the agency’s website was rendered inaccessible by a distributed denial‑of‑service attack claimed by the hacker group NoName057(16), which also targeted several other Danish government agencies and caused a temporary hardware failure that required restoration of normal service. This incident highlights the authority’s exposure to cyber threats despite its primary focus on regulatory compliance.