Arp-Hansen Hotel Group A/S should be fined $175,000 (1.1 million kroner) for failing to delete thousands of guest profiles, Denmark’s Data Protection Authority said.
The Copenhagen-based hotel chain stored about 500,000 profiles for no legitimate reason, the regulator said Tuesday, citing a 2018 audit of the company.
The fine recommended to Danish law enforcers shows the clout national data regulators have under the European Union’s General Data Protection Regulation. The privacy statute limits the storage of personal data to the time necessary to process it.
“We are not aware of the company using the stored data for any illegitimate purpose,...