The Danish Data Protection Agency has published its focus areas for the second half of 2019. The supervisions are aimed at both the public and private sector.

In connection with the Agency’s planned supervision for the rest of the year, focus will be on the below four areas:

  • Processors
  • Daily monitoring
  • Data protection in connection with employment relationships
  • Automatic decisions and profiling.

Processors

The Agency has chosen to focus on processors based on the GDPR’s new requirements for processors. The Agency will especially focus on the processor’s processing security and the use of subprocessors.

Suppliers to both the public and the private sector will be subject to supervision.

Daily monitoring

The Agency will take a closer look at the control at the workplace and observance of the duty of notification, registration of the customers’ purchase and travel history and automatic licence plate recognition at malls.

In addition to the latter, the Agency does not state which companies will be subject to supervision.

Data protection in connection with employment relationships

The Agency will have special focus on deletion of data collected in connection with recruitment and control measures in relation to employees and observance of the duty of notification.

A number of municipalities, the state, the private sector and charitable organisations will be subject to supervision.

Automatic decisions and profiling

The Agency will focus on compliance with the rules on use of individual, automatic decisions and profiling aimed, to begin with, at an insurance company and a bank.