The Faroe Islands Data Protection Authority ('the Authority') published, on 23 July 2021, its statement in which it outlined that, as a result of an inquiry it had launched to verify compliance with Article 47 and 48 of Act No. 80 of 7 June 2020 on the Protection of Personal Data ('the Act') by some entities:

• it had dismissed the inquiry with regard to BankNordik, Trygd, NordikLív, Betri Banka, Betri Trygging, Betri Pensjón, Suðuroyar Sparikassi, Lív, Thetis, Taks, Almannaverkið, and Familjufyrisitingina; and
• the inquiry into Norðoya Sparikassa and Landssjúkrahusinn remained ongoing.

Background to the case

In particular, the Authority noted that it had launched an inquiry, pursuant to Article 68 of the Act, to ensure that the processing of personal data was in compliance with the Act, specifically with regards to the provisions on personal data breach.

Findings of the Authority

Further to the above, the Authority held that 12 of the 14 entities concerned had confirmed their compliance, noting that their employees are familiar with the requirements in case of data breaches. As such, the Authority outlined that no further action was required. However, with regard to Norðoya Sparikassa and Landssjúkrahusinn, the Authority highlighted that the inquiry was still ongoing.

Outcomes

In conclusion, the Authority concluded the inquiry into BankNordik, Trygd, NordikLív, Betri Banka, Betri Trygging, Betri Pensjón, Norðoya Sparikassa, Lív, Thetis, Taks, Almannaverkið, and Familjufyrisitingina, as the same were found in compliance with the Act, while it continued the inquiry into Norðoya Sparikassa and Landssjúkrahusinn.

You can read the press release, only available in Danish, here.