Genvejsmenu:
S - Indhold
1 - Forside
2 - Nyheder
3 - Oversigt
4 - Søg

Whistleblower systems

When a company establishes a whistleblower system, the objective includes collecting data on people associated with the company, e.g. employees, board members, auditors, lawyers and suppliers, who have been involved in serious offences, e.g. bribery, fraud or forgery.

As the purpose of the whistleblower system is to register personal data of a sensitive nature, such as criminal offences, notification of the processing must be submitted to the Danish Data Protection Agency and the company must obtain authorisation from the Danish Data Protection Agency for the processing prior to commencement of the processing, cf. sections 48 and 50(1)1 of the Act on Processing of Personal Data.

The notification may be submitted electronically via the Danish Data Protection Agency’s website, www.datatilsynet.dk under the menu item “Blanketter” (Notification forms).

You will find two standard notification forms regarding whisteblower systems (Blanketter til anmeldelse af whistleblowerordninger i den private sektor) WB1 & WB2.

Standard notification form WB1 can be used when the contoller is establised in Denmark.

Standard notification form WB2 can be used when the controller is a part of a group of companies and when the controller is establised in a third country.

In case your whistleblower system does not fall within the scope of the standard notification forms - or if you do not wish to use the standard notification forms - you may instead select the nofitication form entitled "Privat virksomhed" (Privat entity).

To make the process easier for companies using the notification form "Privat virksomhed", the Danish Data Protection Agency has produced guidelines for submitting notification of whistleblower systems. The guidelines provide information about the data that can be reported in a whistleblower system, who may submit reports and who may be reported.

Go to the Danish Data Protection Agency’s guidelines for submitting notification of whistleblower systems.

If the standard notification forms are used you can - as a starting point - expect to receive an authorization from the Danish Data Protection Agency within one month. When the notificaion form "Privat virksomhed" is used you shall expect a reviewing time of at least five months.