The Danish Data Protection Agency Has Reported Itself
It has been decided, that the Danish Data Protection Agency did not dispose of documents containing personal data correctly when moving to new premises. Papers containing confidential information that should have been shredded was disposed of like regular paper waste.
Breach Reported Too Late
The breach was reported to the Danish Data Protection Agency, but it was done too late. According to the rules, a breach must be reported within 72 hours of discovery.
The Danish Data Protection Agency has criticised the case for this exact reason – that it was not reported fast enough. In similar cases of incorrect disposal of papers, they have not voiced criticism.
In connection with the Danish Data Protection Agency reporting itself, we would like to shed some light on the subject.
Advice On What You Can Do
It is about safe storage of sensitive personal data and physical documents containing personal data that must be secured.
You can do this, for example, by:
- picking up documents immediately after printing
- store the documents locked when unattended
- store the documents in fireproof cabinets
- ruin the documents safely, so restoring is impossible, e.g. by shredding
- control the access to premises in which personal data is stored
- be aware of uninvited guests at your workplace
In our GDPR awareness training, your employees will learn many important things. This includes the passage of personal data, the data subject’s rights and Privacy by Design and Default.
The e-learning is pedagogical and the content is continuously updated in collaboration with experts. It is heavy legal language that is communicated easily understandable. Another benefit of the e-learning is that it involves the participants with interactive cases, that makes them remember the content better.