The Royal Theater, Det Kongelige Teater, in Copenhagen, Denmark, has been reported to the police for not having appropriate procedures to delete customer data for marketing purposes.
The Danish Data Protection Authority, Datatilsynet, which made the report, found that the theater stored information on approximately 520,000 customers and newsletter recipients for marketing purposes without having set up deletion deadlines, or having procedures or guidelines to delete customer data.
The Danish Data Protection Authority started investigating the Royal Theater in September 2022 and found, besides the lack of procedures and guidelines, that the theater was already were aware of its faults. It was also found that the Royal Theater only deleted data when customers asked it to, or when they revoked their consent to receive direct marketing.
The Royal Theater only started to prepare and implement a deleting policy when the investigation commenced, the Authority says.
For the marketing misuse and not having proper procedures for deleting data, the Danish Data Protection Authority is proposing a fine of DKr250,000 ($36,663).