Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Faroe Islands: Authority orders hospital to establish data breach records and procedures

The Faroe Islands Data Protection Authority ('the Authority') announced, on 21 September 2021, that it had completed its investigation into Landssjúkrahúsinum, the national hospital of the Faroe Islands, in which it ordered Landssjúkrahúsinum to amend its personal data processing in line with the Act No. 80 of 7 June 2020 on the Protection of Personal Data ('the Act'). 

Background to the investigation

In particular, the Authority launched its investigation into the handling of breaches of personal data at Landssjúkrahúsinum.

Findings of the Authority

Accordingly, the Authority found that employees at Landssjúkrahúsinum did not maintain a detailed description of how data breaches should be handled in accordance with the Act. 


Therefore, the Authority ordered Landssjúkrahúsinum to create a document regarding the handling of data breaches, which should contain, among other things, a description of a data breach, whether it should be handled at Landssjúkrahúsinum, and which measures should be implemented to reduce the impact of a data breach. Furthermore, the Authority requested that Landssjúkrahúsinum send a written communication to all employees, informing them of how data breaches should be handled and, crucially, that Landssjúkrahúsinum has a duty to record any data breaches. 

You can read the press release, only available in Danish, here.