Faroe Islands: Authority reports unnamed company to police and recommends DKK 15M for insufficient technical and organizational measures
On May 16, 2024, the Faroe Islands Data Protection Authority (the Authority) announced that it had reported an unnamed company to the police and recommended a fine of DKK 15 million (approx. $2.18 million) for violating Section 46 of Act No. 80 of June 7, 2020, on the Protection of Personal Data (the Data Protection Act).
Background to the case
The Authority noted that in August 2022, the company notified the Authority that it had suffered a ransomware attack, affecting the company's access to information. The ransomware attack was said to have affected both employee and customer data.
Findings of the Authority
Following its investigation, the Authority found that the company had violated Section 46 of the Data Protection Act. The Authority highlighted that the company had not carried out any risk assessment before the ransomware attack took place and did not have appropriate technical and organizational measures in place.
Outcomes
In light of the above, the Authority reported the company to the police and recommended to the police that a fine of DKK 15 million (approx. $2.18 million) be imposed on the company.
You can read the decision, only available in Faroese, here.