Skip to main content

The Ísland.is App

Data Protection Authority Frontpage
Data Protection Authority Frontpage

Data Protection Authority

Processing personal information by category

The Data Protection Authority's guidance on Data Protection is divided into categories. It can be found on the Island.is centralised service portal.

Data protection law and key concepts

The Data Protection Act states how organizations, companies and the government may work with personal data of individuals.

More on data protection law and key concepts

Rights of the data subject

Individuals enjoy various rights regarding the processing of personal data.

More on réttindi of the data subject

Obligations of controllers and processors

Before the processing of personal data begins, it is necessary to define who is considered the controller of the processing, whether there is a joint controller and whether it is possible to enter into a contractual relationship with the processor or even a subprocessor, as appropriate.

More on obligations of controllers and processors

Children and privacy

Children's privacy is specially protected. Information on childrens personal data in schools, sports and leisure clubs, distance learning, marketing towards children.

More on children's privacy

The cloud

The Data Protection Act applies to the processing of data in the cloud.

More on cloud computing

Collection of signatures

Collecting signatures on the Internet is considered the processing of personal information that falls under the scope of the Data Protection Act.

More on collection of signatures and data protection

Data protection impact assessment and prior consultation

Sometimes there is a need to do a so-called data protection impact assessment and if the outcome of that is a specific way there might be a duty to ask for a prior-consultation with the Data Protection Authority.

More on a data protection impact assessment and prior-consultations

Electronic ID and privacy

More on electronic IDs

Online expression and media coverage

Online postings, social media communications and media coverage

Online expression and media

Financial information

Information on default register and credit rating, alternative payments in home banking, publication of income information

More on financial information

Health data

Rules regarding information in medical records and participation in scientific research.

More on health data

Marketing and National Registries ban lists

Marketing, the National Register's ban list and personal protection

More on marketing and national registries ban list

Privacy in the workplace

Employment and contracts, emails, tachographs, processing of personal information at the workplace, electronic IDs.

More on data protection at work

Schengen databases

Schengen databases and where you can request information from them.

Further information on the Schengen databases and data protection

Security of personal data and data breaches

Information on security of personal data and data breaches

More on security of personal data and data breaches

Service- and repair history of cars

By sharing information about the service and repair history of cars, the processing of personal information can take place, which must be based on legal grounds according to data protection legislation.

More on service and repair history of cars

Use of identification numbers

The Data Protection Act states that the use of identification numbers is only permitted if it has a legitimate purpose and is necessary to ensure secure identification.

Use of identification numbers and data protection

Data Protection Authority

Contact us

postur@personuvernd.is

Telephone: (+354) 510 9600

Opening hours

Weekdays from 9 am to 12 pm and 1 pm to 3 pm

Telephone consultation on Thursdays from 9 am to 12 pm

Address

Laugavegur 166, 4th floor

105 Reykjavík, Ísland

Identification number: 560800-2820

Data protection policy