Denmark: Labor Law Reforms Strengthen Personal Data Protections

By Marcus Hoy

Denmark’s parliament is due to approve a number of laws that may affect companies’ HR procedures, a Copenhagen-based attorney told Bloomberg BNA Oct. 16. Marianne Granhoj of the Kromann Reumert legal firm said that affected companies should be aware that new internal measures may be needed to ensure compliance. Of special interest, she said, was a significantly tougher sanction regime for personal data breaches.

The changes include:

•  Effective by the end of October. a new data protection regulation will significantly increase sanctions for personal data breaches and require employee consent before companies can process personal information.

•  Also by the end of October, amendments to the Working Environment Act will reserve charges of noncompliance following a workplace inspection to serious infractions. In the event of a minor breach, a dialog with the company will be opened.

•  A second amendment to the Working Environment Act expected to take effect in February 2018 will allow the Work Environment Authority to conduct one-on-one interviews with employees regarding the psychological work environment. Employer representatives will be invited to participate in group discussions.

•  Expected by the end of November, the Discrimination Act will be amended to specifically prohibit discrimination directly related to disability.

•  Effective in February 2018, changes to the Immigration Act will introduce tougher sanctions for employers that knowingly employ undocumented workers.

•  Amendments to the Offshore Safety Act due to take effect the end of October will transfer responsibility for the regulation of “no sail” or safety zones around offshore installations from the Danish Energy Agency to the Working Environment Authority.

Other measures previously reported by Bloomberg BNA include making permanent an existing rule under which employees who fall seriously ill continue to receive sickness benefits after their state-sponsored insurance payments would normally expire and a new vacation accrual process aimed at allowing employees to take a paid vacation during their first year of employment

Penalty Ceiling Raised Sixfold

The main effect of the new data protection regulation on employers, Granhoj told Bloomberg BNA, will be the risk of increased fines. While fines have so far not exceeded 25,000 kroner ($4,000) for personal data breaches, the new rules will allow fines up to 20 million euros ($23.58 million) or 4 percent of a company’s global revenue.

“The new Personal Data Regulation does not introduce significant changes to the actual requirements for processing employee personal data, but the higher level of fines means that employers now have to make sure that they meet the existing requirements,” Granhoj said. “Employers will, for example, need to introduce fixed procedures that ensure that their current and former employees’ personal data is updated and complete, not kept longer than necessary, and does not include sensitive information unless there is a particular basis for it. In addition, employers will also be subject to general updated requirements contained in the regulation, including a notification obligation for data security breaches.”

Most of the draft amendments were presented in connection with the opening of the nation’s parliament on Oct. 3, 2017.

To contact the reporter on this story: Marcus Hoy in Copenhagen at correspondents@bna.com

To contact the editor responsible for this story: Rick Vollmar at rvollmar@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.