Hotel group fined approx 148,000 euros for failing to delete over 500,000 customer profiles

If you have old contacts sitting around in your CRM or email marketing software, now is the time to delete them. Because recent cases tell us, regulators are paying increasing attention to GDPR’s requirement to only keep data for as long as you need it.

On the 27th of August 2020, Danish data protection authority Datatilsynet published that they intend to fine hotel chain Arp-Hansen Hotel Group DKK 1.1 million (approx 148,000 euros) for failing to delete customer profiles in accordance with their own data policy. The Arp-Hansen Hotel Group operates 12 high-end hotels in Copenhagen and Aarhus

The ruling is based after a 2018 audit by the data authority. Datatilsynet reported that over 500,000 profiles which should have been deleted remained on their systems.

“In a society where our personal data is increasingly being registered and exploited, it is crucial that we as citizens can have confidence that our personal data is processed for objective purposes and that it is only stored for as long as is necessary,” Datatilsynet Office Manager Frederik Viksøe Siegumfeldt said.

The original disclosure, in Danish is available to read here.