The Danish Data Protection Authority fined Arp-Hansen Hotel Group DKK 1,100,000 (approximately €147,675) because Arp-Hansen stored the personal data of over 500,000 persons, when those data profiles should have been deleted, according to the GDPR. No data breach was known to occur, but the simple fact that the company had stored the data resulted in the DPA recommending a substantial fine.