Privacy Law at Iceland
Iceland's data protection framework is governed by Act No. 90/2018 on Data Protection and the Processing of Personal Data, which aligns with the European Union's General Data Protection Regulation (GDPR). This legislation establishes comprehensive guidelines for the processing of personal data and the protection of individuals' privacy rights.
🇮🇸 Key Provisions of Iceland's Data Protection Act
1. *Alignment with GDPR
Iceland's Data Protection Act incorporates the provisions of the GDPR, ensuring consistency in data protection standards across the European Economic Area (EEA. This includes regulations on data subject rights, lawful bases for processing, and obligations for data controllers and processor.
2. *Data Subject Rights
Individuals in Iceland are entitled to the following rights under the Data Protection Ac:
Right to Access Obtain confirmation of data processing and access to personal data hel.
Right to Rectification Request correction of inaccurate or incomplete dat.
Right to Erasure Request deletion of data when it's no longer necessary or if consent is withdraw.
Right to Restriction of Processing Limit the processing of personal data under certain condition.
Right to Data Portability Receive personal data in a structured, commonly used, and machine-readable forma.
Right to Object Object to data processing based on legitimate interests or for direct marketing purpose.
3. *Data Protection Authority – Persónuvernd
The Icelandic Data Protection Authority, known as Persónuvernd, is responsible for overseeing compliance with the Data Protection Ac. It has the authority t: Conduct investigations and audit. Issue warnings and reprimand. Impose administrative fines up to €20 million or 4% of global turnover, whichever is highe. Order the cessation of unlawful data processing activitie. Persónuvernd also handles complaints from individuals regarding data protection violations and provides guidance on data protection matter.
4. *Enforcement and Penalties
Violations of the Data Protection Act can result i:
Monetary Penalties Fines for breaches of data protection obligation.
Operational Restrictions Suspension or prohibition of data processing activitie.
Legal Actions Lawsuits initiated by affected individuals or entitie. For instance, in 2023, a healthcare provider was fined ISK 100 million for insufficient security measures and unauthorized access to personal dat. Similarly, a financial institution was fined ISK 75 million in 2022 for failing to implement appropriate data protection measurs
📌 Summay
Iceland's data protection laws, underpinned by the Data Protection Act and aligned with the GDPR, provide a robust framework for safeguarding individuals' privacy righs The active role of Persónuvernd ensures compliance and enforcement, promoting transparency and accountability in data processing activitis.
RELATED Blog
0 comments