Holst Advokater > Aarhus, Denmark > Firm Profile
Holst Advokater Offices
HANS BROGES GADE 2
8000 AARHUS C
8000 AARHUS C
Holst Advokater > The Legal 500 Rankings
Denmark > Insolvency Tier 3Holst, Advokater‘s insolvency and restructuring practice was strengthened by the arrival of Andreas Kærsgaard Mylin and his team from Accura Advokatpartnerselskab in October 2021. Mylin focuses on restructuring processes and acts as trustee in bankruptcy cases. The group has a ‘very strong position’ in insolvency matters in the construction and real estate sectors and also receives mandates from a number of financial institutions. Based in Aarhus, Henrik Steen Jensen jointly leads the group with Mylin.
Henrik Steen Jensen; Andreas Kærsgaard Mylin
Other key lawyers:
Søren Skov; Anders Roug; Rene Møller-Olsen
‘The team is skilled, professional and delivers high quality. They have vast experience within construction bankruptcies and with the arrival of Andreas Kærsgaard Mylin they will add more diversity in the bankruptcy areas they will cover in the future.’
‘Søren Skov is without doubt a person to look out for in the future.’
‘The team has a very strong position in restructuring work in the construction and real estate sector. Holst is primarily based in Aarhus and with the lateral hire of Andreas Kærsgaard Mylin to the smaller Copenhagen office the firm has strengthened its profile in the general insolvency/restructuring market in Denmark.’
‘Henrik Steen Jensen and Søren Skov are highly specialised within the construction and real estate business and are both based in Aarhus. Andreas Kærsgaard Mylin is very skilled and highly regarded within the insolvency and restructuring market in Denmark.’
Atradius, Filial af Atradius Crédito y Caución S.A. de Seguros y Reaseguros, Spanien
Danske Bank A/S
Djurslands Bank A/S
Euler Hermes Danmark, Filial af Euler Hermes S.A, Belgien
Jyske Bank A/S
Nordea Danmark, Filial af Nordea Bank Abp, Finland
Realkredit Danmark A/S
Skandinaviska Enskilda Banken (SEB)
Spar Nord Bank A/S
Vestjysk Bank A/S
Holger Schöer; Carsten Led-Jensen
‘I think they perform very properly and they have are always very focused on the assignment. They are always in a good mood. The team performs in a way where they look into different perspectives to open up for several new solutions.’
‘My experience with Holst lawyers has always been that they take the clients and tasks seriously and quickly set up the strongest resources to solve the task. They are good at getting to grips with the client’s needs and laying down a strategy.’
‘I think they are distinguished by a high professional level, solid analyses and strategies that provide the necessary support and peace of mind, for the clients.’
‘Holger Schöer has made a great and good effort with personal involvement and advice.’
JV ZMM Nordhavnen
NRE Denmark A/S
Kemp & Laurtizen A/S
Kirk Property A/S
Hundsbæk & Henriksen A/S
Enemærke og Petersen A/S
De Forenede Ejendomsselskaber A/S
AFRY/ÅF Buildings Denmark P/S
Jørgen Friis Poulsen A/S
Schmidt Hammer Lassen Architects LLP
MT Højgaard A/S
Arbejdernes Andels Boligforening
Tryg Forsikring A/S
Transtema Group AB
GA Ejendom A/S
Havneøen 1 P/S
Boligforeningen Århus Omegn
- Representing Arena Randers in a comprehensive arbitration case pertaining to construction initiated by a turnkey contractor.
- Representing the main contractor MT Højgaard in a 15 day arbitration case initiated by a subcontractor claiming a very significant amount.
- Assisting REMA 1000 with property transfers amounting to approx. DKK3bn.
Holst Advokater > Firm Profile
The firm: Holst, Advokater was established in 2007 and provides commercial advisory services under the highest professional and ethical standards, based on the firm’s corporate culture and core values and co-operation structured to cater for its clients’ needs for flexible advice. Based in Aarhus, the second largest city in Denmark, the firm supplies value-adding solutions in close co-operation between clients and its skilled employees.
Areas of practice
Capital markets: Holst, Advokater advises companies and shareholders on stock exchange law, and also advises financial institutions and companies on aspects including loan agreements, leasing and financing schemes.
Construction and real estate: Holst offers highly specialised advice on all stages of construction projects, with in-depth experience in litigation and dispute resolution before the ordinary Danish courts and arbitration tribunals. The firm advises on construction contracts and finance and international construction projects based on the FIDIC rules.
Corporate and commercial: the practice has in-depth experience of handling corporate matters, including incorporation of companies, shareholder and capital raising issues, and establishment of joint ventures.
Data protection law: Holst, provides advice on all matters pertaining to data protection law and assists in the preparation or review of current data protection policies, data processing agreements, etc. in order to ensure compliance with applicable legislation
Debt collection: the team provides a full range of debt collection services, including general debt collection, mortgage collection, foreign collection and the collection of tax arrears on real property.
Employment: the firm offers competent and specialised advisory services within this field. Services include advice in connection with the setting up of employment, disputes arising during the term of employment, and disputes regarding termination of employment.
Energy and utilities: Holst advises private and public energy and supply utilities, including regulatory matters, establishment and commercial activities of public utilities, and handling complaints and legal proceedings.
Environment and planning law: Holst, provides highly specialized advice in all areas of environmental and planning law.
Insurance and tort: the firm represents leading insurance companies and provides legal assistance to Danish public authorities, regions, utilities and commercial undertakings in tort and insurance law matters.
Intellectual property, marketing and competition: Holst advises on R&D-agreements, licence agreements, distribution and agency agreements, marketing and competition law, and IP rights eg trade marks.
IT, telecoms and complex contracts: the team provides specialist advisory services within IT and telecoms and has wide experience of complex contracts and projects, including outsourcing of business processes, service agreements, development and operating agreements.
Litigation, arbitration and mediation: the firm specialises in this practice and is involved in cases pending before the Danish district courts, the High Courts, the Maritime and Commercial Court in Copenhagen, the Supreme Court and various arbitration tribunals, representing some of the market’s largest interests in their respective fields of business.
M&A: Holst is widely experienced in national as well as cross-border transactions and advises on strategic, commercial and legal aspects relating to M&As in close collaboration with clients and other professionals.
Private law: the firm advises on drafting of marriage contracts and wills, division of property on divorce or legal separation, and administration of estates of deceased persons.
Public law: Holst advises several Danish municipalities and regions on liabilities incurred relating to environmental legislation, planning legislation, and public administration, as well as social and health legislation and matters pertaining to financing and the raising of loans.
Public procurement: the firm advises private and public undertakings, including the Danish municipalities and regions, in connection with outsourcing activities, public procurement and PPPs.
Restructuring and insolvency: Holst advises on undertakings facing financial difficulties, including restructuring activities, suspension of payments, bankruptcy proceedings, and creditor representation.
Taxes and duties: the firm advises on a range of corporate tax matters and conducts complaints cases before local tax appeals tribunals, the National Tax Tribunal and the Danish courts of law.
|Capital markets||Jørgen Holst|
|Capital markets||Thue Hagenau|
|Construction and real estate||Carsten Led-Jensen|
|Construction and real estate||Mogens Birkebæk|
|Construction and real estate||Morten Fendinge Olsen|
|Corporate and commercial||Erik Jensen|
|Corporate and commercial||Steffen Ebdrup|
|Corporate and commercial||Mogens Birkebæk|
|Corporate and commercial||Anders Hedetoft|
|Debt collection||Henrik Steen Jensen|
|Debt collection||Henrik Chr Strand|
|Employment||Henrik Chr Strand|
|Construction and real estate||Holger Schöer|
|Energy and utilities||Jørgen Holst|
|Energy and utilities||Erik Jensen|
|Insurance and tort||Jens Andersen-Møller|
|Insurance and tort||Jacob Fenger|
|Intellectual property and marketing and competition||Mogens Birkebæk|
|Intellectual property and marketing and competition||Jakob Schmidt|
|Intellectual property and marketing and competition||Christian Skadborg|
|IT, telecommunications and complex contracts||Jakob B Sørensen|
|Litigation, arbitration and mediation||Carsten Led-Jensen|
|Litigation, arbitration and mediation||Jacob Fenger|
|Mergers and acquisitions (M&A)||Jakob Schmidt|
|Mergers and acquisitions (M&A)||Erik Jensen|
|Mergers and acquisitions (M&A)||Anders Hedetoft|
|Environmental and planning law||Stine Kalsmose Jakobsen|
|Private law||Merete Simonsen|
|Public law||Jens Andersen-Møller|
|Public procurement||Svend Bjerregaard|
|Restructuring and insolvency||Henrik Steen Jensen|
|Restructuring and insolvency||Jørgen Holst|
|Taxes and duties||Claus H Eriksen|
|Taxes and duties||Anders Hedetoft|
|Corporate and commercial||Holger Schöer|
|Litigation, arbitration and mediation||Holger Schöer|
|Restructuring and insolvency||Andreas Kærsgaard Mylin|
|Restructuring and insolvency||Anders Roug|
|Restructuring and insolvency||Rene Møller-Olsen|
|Mr Mogens Birkebæk||Partner||View Profile|
|Mr Svend Bjerregaard||Partner||View Profile|
|Mr Steffen Ebdrup||Partner||View Profile|
|Mr Morten Fendinge Olsen||Partner||View Profile|
|Mr Jacob Fenger||Partner||View Profile|
|Mr Thue Hagenau||Partner||View Profile|
|Mr Claus Hedegaard Eriksen||Partner||View Profile|
|Mr Anders Hedetoft||Partner||View Profile|
|Ms Stine Kalsmose Jakobsen||Associate partner||View Profile|
|Mr Erik Jensen||Partner||View Profile|
|Mr Carsten Led-Jensen||Partner||View Profile|
|Mr Andreas Kjærsgaard Mylin||Partner||View Profile|
|Mr Rene Møller-Olsen||Associate partner||View Profile|
|Mr Anders Roug||Associate partner||View Profile|
|Mr Jakob Schmidt||Partner||View Profile|
|Mr Holger Schöer||Partner||View Profile|
|Mr Christian Skadborg||Associate partner||View Profile|
|Mr Søren Skov||Partner||View Profile|
|Mr Henrik Steen Jensen||Partner||View Profile|
|Mr Henrik Christian Strand||Associate Partner||View Profile|
|Mr Jakob B. Sørensen||Partner||View Profile|
Staff FiguresNumber of lawyers : 55
LanguagesDanish English French German
Legal Developments6th December 2021
Sensitive data submitted in unencrypted emails draws severe criticismOn 3 February 2021, the Danish Municipality of Silkeborg reported a personal data breach, as the municipality on that day had submitted an email to Danmarks Statistik Consulting containing a list of personal ID numbers, school name and school code on 12,915 pupils. The report stated that the email due to a human error had been sent unencrypted.
29th October 2021
EUR 412,000 fine for failing security measuresThe Norwegian DPA has imposed a fine of EUR 412,000 on Norwegian municipality of Østre Toten. In January 2021, the municipality experienced a cyberattack entailing that the data of the municipality became encrypted and back-ups were deleted.
6th October 2021
WhatsApp fined EUR 225 million for inadequate informationIn 2018, the Irish Data Protection Commission initiated extensive investigations on whether WhatsApp complied with the transparency principle. The DPC examined whether WhatsApp observed its obligations under the GDPR regarding compliance of the obligation to inform and the transparency in the obligation to inform towards users and non-users of WhatsApp. During the investigation, the DPC found that WhatsApp had seriously violated Article 12, 13 and 14 of the GDPR in respect of the information provided to users.Following the investigation, the DPC presented its draft decision in December 2020 to the other concerned European supervisory authorities. Subsequently, the DPC received objections from eight supervisory authorities. As the DPC could not reach any consensus with the supervisory authorities, the DPC initiated a dispute resolution process pursuant to Article 65 of the GDPR on 3 June 2021. Based on a number of factors, the European Data Protection Board (EDPB) required that the DPC should reassess and increase its proposed fine. In addition to the infringements which the DPC had already found, the EDPB found that WhatsApp had violated the transparency principle under Article 5 (1), lit. a of the GDPR, and required the DPC to take such circumstance into consideration when deciding on the final amount of the fine. On these grounds, the DPC set the fine at EUR 225 million.Regarding Articles 12 and 13, the DPC found that WhatsApp had not provided information “in a short, transparent, concise, easily accessible and easy to understand, and in a clear and plain language” about the kind of data collected. The DPC made clear that the transparency principle also includes making information easy for children to understand when addressed to them.Among others, WhatsApp had provided information of such general character that the DPC regarded it as meaningless. Often, users had to go through several links to find FAQs in order to obtain information which they could not find elsewhere on WhatsApp’s website. In that connection the DPC found that it would be unreasonable to expect that users would search the WhatsApp website after not having found adequate information in the declaration of confidentiality.In respect to Article 14, one of the issues was that a user’s consent gave WhatsApp access to the user’s contacts. The DPC found that such data had been illegally processed since such contacts (in particular the ones with no WhatsApp account) had not received any information about this processing and could thus not in any way have provided their consent. Considering the severity and the far-reaching character of the infringements, the DPC concluded that WhatsApp had also violated the transparency principle under Article 5 (1), lit a.Read the decision here: https://edpb.europa.eu/system/files/2021-09/edpb_bindingdecision_202101_ie_sa_whatsapp_redacted_en.pdf
Fine for failing information about tv-surveillanceThe Spanish data protection agency (the AEPD) levies fine of EUR 1,000 against a hairdresser’sThe hairdresser (the data controller) had set up tv-surveillance in the saloon. Meanwhile, the hairdresser had not informed about such data processing according to Article 13 of the GDPR, hence, the AEPD issued a fine against the hairdresser. The AEPD noted that observance of the obligation to inform could have been met by hanging up a poster in the saloon providing such information.Read the decision here (in Spanish) https://www.aepd.es/es/documento/ps-00226-2021.pdf
Danish municipality (Favrskov) reported to the police and should expect a fine for an inappropriate level of securityOn 19 August 2020, the Danish DPA received a notification from the Danish Municipality of Favrskov about a personal data breach. The notification stated that a laptop computer holding names and personal ID numbers of about 100 persons with physically and/or mentally reduced functional capacity had been stolen during a break-in to the offices of the municipality.The harddisk of said computer was not encrypted, and the programme, in which the confidential and sensitive personal data were stored, was not installed with safety measurements for logging the usage of the programme.The DPA established during its investigation of the matter that the municipality also for a long period before 12 August 2020 had not ensured encryption of the municipality’s laptop computer harddisks which entailed an inappropriate level of security.The requirements of Article 32 of the GDPR set out that the municipality has a duty to ensure that data being processed by employees of the municipality are not made available to anyone unauthorised. The DPA found (i) that the municipality had not provided for appropriate technical measurements ensuring a level of security adequate to provide for the risks and rights of the data subjects, and (ii) that Article 32 had been severely violated.Please see the whole press release here (in Danish):https://www.datatilsynet.dk/presse-og-nyheder/nyhedsarkiv/2021/sep/favrskov-kommune-indstilles-til-boede-
Contact:Henrik Christian Strand, Associated Partner E, email@example.com M, +45 3010 2186Pernille Kristensen, Attorney E, firstname.lastname@example.org M, +45 3010 2224
6th September 2021
The Danish Immigration Service reported to the Police and is facing a DKK 150,000 fine (about EUR 20,200)The Danish DPA initiated the case when they through various media found out that a possible logging error present in an IT system related to two deportation centres could have affected the rights of the residents.In June 2020, several data breaches occurred when an IT system failed to log activities on the residents of the two deportation centres, i.a. regarding the residents’ observation of obligations and rules as immigrants. The failing registration entailed that casework was initiated for reducing some of the residents’ cash benefits and several residents were reported to the police for not observing the provisions under the Danish Aliens Act.The DPA found that the processing of the Danish Immigration Service (DIS) of personal data was in contradiction to the rules on appropriate security measures since the DIS had not implemented procedures for a systematic application of data from the log registering the residents’ activities in the two deportation centres.In addition, the DPA found that the DIS had not identified and taken into account the risks pertaining to the data subjects in connection with the data processing in the system.Finally, the DPA found that the DIS had not carried out adequate backup of the data that was processed in the system which was the reason why the DIS could not regenerate a lot of the data that went missing during the IT failure in June 2020.The DPA noted that where data is used in criminal cases or is used for control measures subject to sanctions, it must be ensured that all activities are logged, and that a safety backup is made with intervals ensuring that data is not lost in the event of IT failures. The DPA also noted that backup procedures must be tested according to a “disaster recovery test” with intervals fixed depending on the risk there may be to the data subjects’ rights.The DPA reasoned its decision by stating that it is important that trustworthiness remains about data which is processed by authorities and forwarded to the police, and which eventually might end up as evidence in court. The DPA assessed that it is very important that such data are correct since it is not only a question of loss of rights on the part of the people at issue, however, it will also entail failing confidence in both authorities and the courts of law if the data are incorrect.Read the whole decision here (in Danish):https://www.datatilsynet.dk/presse-og-nyheder/nyhedsarkiv/2021/aug/udlaendingestyrelsen-indstilles-til-boede
Fine in consequence of video surveillance conflicting the GDPRThe Norwegian DPA has issued a NOK 100,000 fine (about EUR 9,600) to beauty parlour Waxing Palace AS specialising in hair removal using wax, since the beauty parlour had video monitored the reception in contradiction to the GDPR.It follows from the GDPR that all processing of personal data must be subject to a lawful basis for processing. Following an actual complaint about the usage of a surveillance device in the premises of the beauty parlour, the DPA assessed that the parlour had no lawful basis for the video surveillance, nor did they inform sufficiently about the surveillance. The DPA found that the illegal video surveillance affected both staff and customers of the beauty parlour. The surveillance did not comprise areas of the parlour where treatments were made. Nevertheless, the DPA took into account that the business is of a kind where many customers will expect their visit there to be of a private matter and not a situation which may become subject to video monitoring.Finally, the DPA also noted that the data controller must always inform about its data processing to the data subjects whose personal data is being registered. In the current matter, such information must, among others, ensure that it is clear to the data subject which areas are caught by the camera.The deadline for Waxing Palace AS to file a complaint about the decision was on 20 August 2021.Read the whole decision here (in Danish):https://www.datatilsynet.no/aktuelt/aktuelle-nyheter-2021/gebyr-til-waxing-palace-as/
EUR 2 million fine for data processing in connection with a customer loyalty programAccording to the media, the Austrian data protection agency (Datenschutzbehörde) has issued a EUR 2 million fine to JÖ-Bonus Club GmbH, an Austrian multi-partner program through which various benefits can be obtained from different partners.To join the loyalty program, a consent is required. Meanwhile, the consent was constructed in such way that it did not comply with the rules of the GDPR because the consent declaration did not adequately inform that the users consented to profiling. According to the GDPR, information about personal data processing must be in an easily accessible form, using clear and plain language. However, JÖ-Bonus Club had designed the registration for the loyalty program in such way that information about the profiling could only be found if scrolling downwards. The consent itself had been placed higher up so that the consent was obtained before the information about the profiling was made.JÖ-Bonus Club had realised the error and corrected it following an approach from the Austrian DPA. Nevertheless, the processing of data on approx. 2.3 million individuals, who had already provided their (invalid) consent, continued.The DPA concluded that JÖ-Bonus Club had breached its obligation to provide a consent in an easily accessible form, using clear and plain language. Therefore, the DPA found that the consents were invalid and that the profiling made on the basis of said consents was illegal. It was considered an aggrevating circumstance that the processing continued regardless JÖ-Bonus Club knowing that the consents obtained were invalid.
Contact:Henrik Christian Strand, Associated Partner E: email@example.com M: +45 3010 2186Pernille Kristensen, Attorney E: firstname.lastname@example.org M: +45 3010 2224
11th August 2021 Recordings of phone conversations without prior consent made by the Danish Business Authority drew criticism from the Danish Data Protection Agency.
2nd June 2021
Court of law approves the opportunity for compensation in the event of a non-pecuniary loss following a data breachAt the end of 2018, four PCs were stolen from the town hall of Gladsaxe. A spreadsheet was stored on the local drive of one of the PCs containing personal data on 20,620 citizens for inter-municipal reimbursement purposes. The personal data consisted of personal ID numbers, names, addresses and in some cases summarising information about housing benefits and health information.
6th May 2021
Application of old TLS version drew criticism from the Danish DPAWhen looking into a case initiated by the DPA itself, the DPA established that the self-service solution available with the Police for applying for a firearms certificate (www.digimeld.politi.dk/vaaben/HTML/index.aspx?type=p70401) - during which your personal ID number must be entered - warns you about the page using weak encryption and that unauthorised persons in consequence thereof may have access to the data that is entered.The self-service solution only supported TLS version 1.0, but the Danish National Police had stated that this version was the best, which the said solution could support, and that work was in progress for replacing it.The DPA stated that forms and web-solutions for processing personal data are subject to safety requirements, including in particular that the data controller must ensure that personal data do not become accessible to anyone unauthorised. Data that can be characterised as worthy of protection, including information on personal ID numbers, must therefore be ensured in such way that the contents cannot be accessed by anyone unauthorised, which is done by encrypting the transport layer (TLS) subject to version 1.2 or higher versions.The DPA established that TLS versions 1.0 and 1.1 contain known vulnerabilities which do not ensure the necessary confidence and integrity of the data being exchanged. Hence, the DPA found grounds for criticising the Danish National Police for not processing personal data in compliance with the rules provided for in Article 32.1 of the GDPR.Read the whole decision here (in Danish):https://www.datatilsynet.dk/tilsyn-og-afgoerelser/afgoerelser/2021/apr/utilstraekkelig-kryptering-i-selvbetjeningsloesning-hos-politiet
Fine for disclosing video surveillanceNorwegian car wash business Miljø- og Kvalitetsledelse AS has been fined NOK 35,000 (about EUR 3,500) by the Norwegian DPA for illegally disclosing personal data from a video surveillance.When malicious damage was made to a purchase terminal, Miljø- og Kvalitetsledelse AS sent uninvited recordings and data from the video surveillance of the car wash system to the employer of the person, which Miljø- og Kvalitetsledelse AS assumed had caused the malicious damage.The DPA found that the disclosure lacked legal basis and was contrary to Articles 6.1 and 5.1 (a) of the GDPR. The recordings had already been surrendered to the Police, and the DPA found the forwarding of the recordings to the data subject’s employer unnecessary for preventing and clarifying the malicious damage.Miljø- og Kvalitetsledelse AS have an appeal period of 3 weeks from the time of receiving the decision.Read the whole decision here (in Norwegian).https://www.datatilsynet.no/aktuelt/aktuelle-nyheter-2021/miljo--og-kvalitetsledelse-as-far-gebyr/
District Court of the Hague reduces administrative fine by 24%The Dutch DPA had imposed an administrative fine of EUR 460,000 on a hospital in consequence of violating Article 32 of the GDPR when failing to implement satisfactory measurements for protecting patients’ personal data.The fine constituted a basic fine of EUR 310,000 plus two additional fines of each EUR 75,000, totaling EUR 460,000 in consequence of the hospital not having implemented two-factor authentication, and not having made regular controls on logins for access to medical records.The case was brought before the District Court of the Hague who found the fine too high. The court did not find the basic fine of EUR 310,000 unreasonable, but the additional fines should be reduced since the hospital had taken steps to prevent that personal data found on digital platforms could be accessed by unauthorised staff.Furthermore, during the objection period, the hospital had implemented two-factor authentication and intensified logins, which the court considered a willing to cooperate, hence the fine was reduced to a total of EUR 350,000.Read the whole decision here (in Dutch).https://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:RBDHA:2021:3090
Contact:Henrik Christian Strand, Associated PartnerE: email@example.comM: +45 3010 2186Pernille Kristensen, AttorneyE: firstname.lastname@example.orgM: +45 3010 2224
12th April 2021 Decision delivered in France may greatly impact the option of legally using European subsidiaries with parent companies in the USA for hosting of data.
8th March 2021
Phone conversations recorded by on-call GPsA Danish citizen had filed a complaint about her phone conversation with an on-call GP in the Region of Southern Denmark being recorded and the fact that the on-call GP subsequently denied to erase the recordings. The Danish Data Protection Agency found that it was alright for the on-call GP to record phone conversations, but on the other hand found that the GP generally saved the recordings for too long. During the case it was revealed that the on-call GP in question had recorded and saved approx 7.5 million conversations since January 2013.
23rd February 2021 The Western Division of the Danish High Court had previously acquitted a Danish municipality in a case where the municipality’s mechanical ditch cleaners had caused damage to a telecommunications cable situated in a roadside ditch.
Employer acquitted of liability – workplace, person to be charged, instructions and supervision was at issue3rd February 2021 On 5 July 2019, one of the Danish district courts (the District Court of Herning) found that a master painter was liable for compensation in connection with an injury accident caused when an apprentice fell off a balcony and suffered severe head injuries.
1st February 2021 Norwegian company fined EUR 95,000 for insufficient basis for processingInnovation Norway carried out four credit ratings of a one-man business, which the owner of the business complained about to the Norwegian data protection authority. The credit ratings were made over a 3-month period. Innovation Norway was not able to identify any customer relation or connection to the owner or his business justifying said credit ratings, and therefore the Norwegian DPA decided that there was no basis for processing. The DPA issued a fine amounting to approx EUR 95,000 (NOK 1 million).
5th January 2021 2020 is drawing close to an end, and also in terms of the GDPR, it is a fact that COVID-19 has taken up massive attention. New questions arose, to which answers were needed, e.g.: Is it allowed for an employer to register data about COVID-19? Is it allowed to transfer data about COVID-19? Where can such data be stored? In several countries, an app was launched as an additional aid for contagion tracing. In addition to such apps, which helped break the chains of infection more rapidly for countries’ own citizens, other apps were introduced to foreign citizens travelling though or to a particular country. As a result, more questions arose since the laws of several countries were to be observed too. Holst, Advokater provided advice to the Robert Koch Institute and the German Ministry of Health about the possibility of extending access to download the German COVID-19 app in Denmark and for Danish citizens.
5th January 2021 Danish municipality reported to the Police and is facing EUR 6,700 fineThe Danish Data Protection Agency (the DPA) has reported the municipality of Guldborgsund to the Police and recommended a fine of EUR 6,700 (DKK 50,000) since the municipality failed to act with necessary alertness in connection with a security breach.
5th January 2021 The Irish DPA fines Tusla Child and Family Agency EUR 75,000 In May 2020, the Tusla Child and Family Agency (Tusla) was imposed with an administrative fine of EUR 75,000, which has now been heard and confirmed by an Irish court of law.
9th November 2020 All-time high fine of GBP 20 million imposed on British Airways for data breachThe Information Commissioner’s Office (the ICO) has given a penalty notice of GBP 20 million (about EUR 22 million) to British Airways (BA) for infringements of the GDPR in 2018 affecting more than 400,000 of the company’s customers.
15th October 2020 In 2019, the Finnish DPA received complaints on the electronic direct marketing and neglection of rights of the data subject, contrary to what is provided for under the GDPR. The topics of direct marketing included various courses within building supply and asbestos removal. The data subjects reported that they had received direct marketing messages from the company without consenting to it first. Some of the data subjects had responded to the marketing message and requested the controller to stop sending such messages. Despite this, the data subjects still received direct marketing messages from the controller.
3rd September 2020 Danish DPA commits personal data breach and misses the 72-hour notification deadline
18th August 2020 Fine of approx. EUR 28,000 issued due to unlawful basis for processing
3rd August 2020
Publication of club magazines from the early 1980s found lawful
On 16 June 2020, the Danish Data Protection Agency (DPA) decided in a matter in which a citizen had complained about a sailing club that had posted three club magazines from 1981 and 1982 on the internet, thereby revealing information on the name, former address, age and a photo of the complainant, and the sailing club had refused to delete this information.
9th July 2020 If you are considering hiring or posting employees to Denmark, you must be familiar with Danish labour market regulations and you must comply with such. Holst, Advokat has prepared a general guide to employment law and labour law in Denmark.
2nd July 2020
The Danish medicinal cannabis pilot programme runs until 31 December 2021. The programme entails that licences can be issued for the import of cannabis for Danish patients, and companies may apply for a license to cultivate, produce and distribute medicinal cannabis in Denmark. In parallel to the pilot programme, a development scheme has been introduced making it possible to apply for a cannabis cultivation and handling licence with a long-term view to producing cannabis suitable for medicinal use.
2nd July 2020 On 1 January 2020, a new version of Incoterms rules came into force. The new version contains clarifications and modifications which your company should be aware of when applying the rules.
19th June 2020
Since 1 January 2018, Danish doctors have had the opportunity of prescribing cannabis products for their patients; A four-year medicinal cannabis pilot programme has been introduced in Denmark implying that licences for importing cannabis for Danish patients can be issued. Today it is also possible to cultivate, produce and distribute medicinal cannabis in Denmark. In parallel to the pilot programme, a development scheme has been introduced making it possible to apply for a cannabis cultivation and handling licence with a view to producing cannabis suitable for medicinal use.
The schemes have entailed the creation of hundreds of new jobs in Denmark, and the production of medicinal cannabis is expected to become an important export article.