Faroe Islands: Authority requires municipality to implement processes regarding personal information handling
The Faroe Islands Data Protection Authority ('the Authority') announced, on 12 February 2021, that it had ordered a municipality to implement appropriate Human Resources for handling personal information under the Act No. 80 of 7 June 2020 on the Protection of Personal Data ('the Act'), following an investigation.
Background to the case
In particular, the Authority outlined that it had investigated the application of the rules on access and deletion of personal information in the municipality.
Findings of the Authority
In light of its investigation, the Authority determined it to be probable that at least one breach of security had occurred, whereby information from the municipality's database had been accessed without authorisation and was provided to third parties.
Ultimately, the Authority ordered the municipality to ensure that amendments to its handling of personal information within its databases were implemented no later than 15 March 2021.
You can read the press release, only available in Danish, here.