Each year, the Danish Data Protection Agency carries out a number of scheduled inspections. In 2016, the Agency scheduled and carried out inspections at several municipalities and all five regions in order to verify compliance with the Danish Data Protection Act. In this connection, the Agency collected various written information through questionnaires and carried out inspection visits. The inspection reports issued by the Agency have now been released.
In the inspections that were carried out, the Agency's focus was on the regions' security procedures, the authorities' own supervision, data processor agreements and monitoring of data processors, etc.
The inspections carried out showed that all regions are having difficulties complying with all of the requirements of the Data Protection Act. As a result, the Agency found reason to criticise all five regions. The most severe criticism concerned the absence of or inadequate data processor agreements as well as failure to monitor the processing carried out by data processors.
In addition, the Agency requested all five regions to submit a statement of the measures that will be implemented to ensure compliance in future.
The full-length inspection reports are now available on the Agency's website (in Danish only).