The Danish Data Protection Agency (Datatilsynet) has initiated an investigation into the Capital Region of Denmark’s handling of personal data related to a research project. The probe centers on a researcher’s access to millions of citizens’ hospital records.

The Data Protection Agency’s investigation follows media reports concerning the project. The agency has requested the region provide details about its data protection assessments conducted before processing personal data for the project.

Last week, reports emerged that a researcher from the Capital Region of Denmark’s psychiatry department was granted access to information from 3.65 million individuals’ hospital records without their knowledge or consent. The research aims to explore the causes and effects of mental illness.

The Data Protection Agency, an independent body overseeing data protection compliance, stated that any illegal processing of personal data could lead to the termination of the processing, along with the deletion of all personal data and results derived from it.