Danske Bank has been reported to the Danish prosecution service and fined EUR 1.3 million for failing to implement proper procedures for the deletion and storage of personal data by the Danish DPA. The fine was issued after the Danish DPA started investigating Danske Bank’s GDPR compliance, which the bank self-reported in November 2020. Its reasons for non-compliance after the 2018 deadline were the size and complexity of the task, which had taken longer than anticipated, as the bank has over 400 IT systems and holds the personal data of millions of people.
