2 years with GDPR – Important verdicts and rulings

July 2, 2020
English Language

Do you remember what happened on May 25, 2018?


That was day GDPR came into effect and a new set of requirements for organizations' processing, retention of personal data and documentation became part of the agenda.

On the 2nd anniversary of the EU’s General Data Protection Regulation, the privacy team at our partner, Plesner, prepared a special newsletter in which they cover the first two years of GDPR.

In the newsletter, they have also collected important verdicts from The Danish Data Protection Agency since May 25, 2018.

They go through the following cases:

  • TAXA 4x35 reported to the police for failing to comply with GDPR's data minimization and deletion rules
  • ID Design reported to the police
  • Critic of Pandora for using ID Validation when receiving requests from registered users
  • Insight at DSB
  • Jobteam reported to the police for deleting information covered by insights request
  • TDC and their data minimization
  • Rejsekort A/S' injunction
  • Violation of personal data security at PFA Pension
  • BEC discloses protected address information
  • Gladsaxe and Hørsholm Municipality reported to the police for inadequate treatment security
  • Supervision of therapists in Randers Municipality

We can learn a great deal from these cases, and they show us that there are many areas of the Personal Data Protection Regulation that individual companies, organizations, and public institutions must deal with to achieve compliance.

Read the newsletter here

If your organization is still struggling to reach the goal of your GDPR work, then it is not a wonder. Working with GDPR is an ongoing process where you, as a data controller, must be able to handle and document the processing of personal data in accordance with the rules.

It also means that once you comply with the rules, your work on governance begins. Here, for example, controls and reassessments must ensure that continuous compliance work is carried out.

And that can be quite a mouthful to swallow.

In retrospect, Michael Hopp recognizes this when he writes:

“Data protection is an area that is constantly evolving. The flow of new verdicts and rulings is continuous, and the bar for GDPR compliance continues to be raised. In other words, the work on the Personal Data Protection Regulation is comprehensive and legally complicated.”

Get help to comply with GDPR

In collaboration with Plesner, we have developed a GDPR software solution that can help and guide your organization when managing, controlling, and documenting your compliance efforts.

This makes working with GDPR easier and far more manageable.

Read about our GDPR solution here


We point out that our blog posts are neither comprehensive nor an absolute exposition of the compliance processes. RISMA Systems makes no guarantee that the information is accurate, up-to-date or complete, and the blog post must by no means be seen as legal advice. You are responsible for verifying that the information is in accordance with applicable law, if you are considering using it. All information is used at your own risk. RISMA Systems cannot guarantee full compliance with applicable laws and regulations, if you choose to follow the information in this blog post.


Stay up to date with knowledge and best practices on compliance, risk management, and governance. Receive guides, articles, case stories, invitations to events, offers, and much more.