Mr Søren Terp Kristophersen

Søren Terp Kristophersen


Employment & Immigration

Control measures: duty to provide information and transparency
Denmark | 07 October 2020

The Data Protection Agency recently completed five inspections which focused on employers' duty to provide information when using control measures to monitor employees. The decisions emphasise that employers should be diligent in informing employees about measures that allow the monitoring of employees and, to the greatest extent practicable, ensure that the information required by Articles 13 and 14 of the EU General Data Protection Regulation is given to employees in an easily accessible form.

Access to work emails: can a request to access data be too extensive?
Denmark | 09 September 2020

Under the EU General Data Protection Regulation, data controllers must provide data subjects with access to all of the personal data that the data controller processes about them if the data subject requests it. In a recent case, the Data Protection Agency considered whether an employer was entitled to refuse to provide access to all of the contents of a former employee's work email account.

Don't forget the right to be forgotten
Denmark | 02 September 2020

The Data Protection Agency recently issued a decision seriously criticising an employer which did not respond adequately after receiving a deletion request from a former employee relating to video content. The decision demonstrates that employers must carefully consider whether a request for deletion constitutes a withdrawal of consent, as any personal data processed on the basis of the consent must be deleted without undue delay, unless the employer (already) has another lawful basis for the processing.