Skip to content
News
EN

Datatilsynet (Denmark) - 2025-431-0065

GDPRhub

Content

The DPA severely criticised a controller after it wrongly denied access to a data subject to a recorded telephone conversation between them and later gave incorrect information that it had been deleted. English Summary. Facts. A data subject submitted an access request to Securitas A/S, a security company (the controller), seeking access to a recording of a telephone conversation between them. The controller refused the request, stating that it was not permitted under the GDPR to disclose telephone conversations. The data subject lodged a complaint with the Danish DPA (Datatilsynet). The DPA subsequently sent an informational letter to the controller, highlighting its obligations under Article 15 GDPR. The data subject later informed the DPA that the controller had stated that it no longer had the relevant recording because it retained recorded telephone calls for three months. On that basis, the DPA launched an investigation into the controller’s general handling of access requests, i

Related across sources

Similar Content