Faroe Islands: Authority orders hospital to establish data breach records and procedures
The Faroe Islands Data Protection Authority ('the Authority') announced, on 21 September 2021, that it had completed its investigation into Landssjúkrahúsinum, the national hospital of the Faroe Islands, in which it ordered Landssjúkrahúsinum to amend its personal data processing in line with the Act No. 80 of 7 June 2020 on the Protection of Personal Data ('the Act').
Background to the investigation
In particular, the Authority launched its investigation into the handling of breaches of personal data at Landssjúkrahúsinum.
Findings of the Authority
Accordingly, the Authority found that employees at Landssjúkrahúsinum did not maintain a detailed description of how data breaches should be handled in accordance with the Act.
Therefore, the Authority ordered Landssjúkrahúsinum to create a document regarding the handling of data breaches, which should contain, among other things, a description of a data breach, whether it should be handled at Landssjúkrahúsinum, and which measures should be implemented to reduce the impact of a data breach. Furthermore, the Authority requested that Landssjúkrahúsinum send a written communication to all employees, informing them of how data breaches should be handled and, crucially, that Landssjúkrahúsinum has a duty to record any data breaches.
You can read the press release, only available in Danish, here.