When a company establishes a whistleblower system, the objective includes collecting data on people associated with the company, e.g. employees, board members, auditors, lawyers and suppliers, who have been involved in serious offences, e.g. bribery, fraud or forgery.

As the purpose of the whistleblower system is to register personal data of a sensitive nature, such as criminal offences, notification of the processing must be submitted to the Danish Data Protection Agency and the company must obtain authorisation from the Danish Data Protection Agency for the processing prior to commencement of the processing, cf. sections 48 and 50(1)1 of the Act on Processing of Personal Data.

The notification may be submitted electronically via the Danish Data Protection Agency’s website, www.datatilsynet.dk. Under the menu item “Anmeldelsesblanketter” (Notification forms), select the form entitled “Privat virksomhed” (Private entity).

To make the process easier for companies, the Danish Data Protection Agency has produced guidelines for submitting notification of whistleblower systems. The guidelines provide information about the data that can be reported in a whistleblower system, who may submit reports and who may be reported.

Go to the Danish Data Protection Agency’s guidelines for submitting notification of whistleblower systems.