TheArtOfService
Cross-Framework Mapping

Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018)vsIowa Consumer Data Protection Act

See exactly how Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) controls map to Iowa Consumer Data Protection Act. Pre-computed mappings, identified gaps, and coverage analysis.

15
Controls Mapped
0
Gaps Found
62%
Coverage

According to the TheArtOfService Compliance Knowledge Graph:

Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) maps to Iowa Consumer Data Protection Act with 62% coverage across 5 directly mapped controls. Analysis of 8 Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) controls identifies 3 compliance gaps — primarily concentrated in Iceland Act 90/2018 Sectoral.

Source: TheArtOfService Knowledge Graph | 8 controls analysed | 701 frameworks | 337K+ cross-framework mappings

Control Mappings

Showing 15 of 15 mapped controls across 5 domains. Sign up to explore all 337K+ mappings across 701 frameworks.

Iceland Act 90/2018 Chap 3 - Rights(2 mappings)

ICELAND-Act90-Chap3-Transparency-DataSubjectRights-Access-Rectification-ErasureIceland Act 90/2018 - Chapter III Transparency + Data Subject Rights (Articles 14-23) - Access + Rectification + Erasure + Portability + Object + Automated Decisions2 targets
ICDPA-ConsumerRights-Access-Delete-Portability-OptOut-Sale-Appeal-90Day-NO-Right-To-Correction-Authorised-AgentIowa CDPA Consumer Rights - Access + Delete + Portability + Opt-Out of Sale + 90-Day Response + Appeal + Authorised Agent + NO Right to Correction + NO Profiling Opt-Out + Free First Per Year
ICDPA-Controller-PrivacyNotice-PurposeLimitation-DataMinimisation-Sale-Disclosure-Transparency-LawfulBasisIowa CDPA Controller Obligations - Privacy Notice + Purpose Limitation + Data Minimisation + Sale Disclosure Statement + Targeted Advertising Disclosure + Privacy by Design + Lawful Processing

Iceland Act 90/2018 Chap 4 - Controller Obligations + DPO(4 mappings)

ICELAND-Act90-Chap4-ControllerObligations-PrivacyByDesign-Processor-RoPA-DPOIceland Act 90/2018 - Chapter IV Controller Obligations + Privacy by Design + Processor + RoPA + DPO (Articles 24-26 + 35)4 targets
ICDPA-Controller-PrivacyNotice-PurposeLimitation-DataMinimisation-Sale-Disclosure-Transparency-LawfulBasisIowa CDPA Controller Obligations - Privacy Notice + Purpose Limitation + Data Minimisation + Sale Disclosure Statement + Targeted Advertising Disclosure + Privacy by Design + Lawful Processing
ICDPA-Processor-Contracts-DPA-Subprocessor-Confidentiality-Audit-EndOfContract-Iowa-Code-715D-7Iowa CDPA Processor Contracts - Data Processing Agreement (DPA) + Required Provisions + Subprocessor Approval + Confidentiality + End of Contract Deletion + Audit Rights + Assistance
ICDPA-Scope-SF262-2023-Kim-Reynolds-IA-Code-715D-Effective-1Jan2025-Applicability-100K-25K-50pct-Utah-TemplateIowa CDPA Scope + Senate File 262 + Governor Kim Reynolds 28 March 2023 + Iowa Code Chapter 715D + Effective 1 January 2025 + Applicability Thresholds + Utah CDPA Template Parent + Exemptions
ICDPA-Security-ReasonablePractices-Breach-Notification-Iowa-Code-715C-Records-Encryption-PseudonymisationIowa CDPA Security + Reasonable Practices + Iowa Personal Information Security Breach Notification Law (Iowa Code 715C) + Records + Encryption + Pseudonymisation

Iceland Act 90/2018 Chap 4 - Security + Breach + DPIA(5 mappings)

ICELAND-Act90-Chap4-Security-BreachNotification-DPIA-Personuvernd-72hrIceland Act 90/2018 - Chapter IV Security of Processing + Breach Notification + DPIA (Articles 27-29)5 targets
ICDPA-ConsumerRights-Access-Delete-Portability-OptOut-Sale-Appeal-90Day-NO-Right-To-Correction-Authorised-AgentIowa CDPA Consumer Rights - Access + Delete + Portability + Opt-Out of Sale + 90-Day Response + Appeal + Authorised Agent + NO Right to Correction + NO Profiling Opt-Out + Free First Per Year
ICDPA-Controller-PrivacyNotice-PurposeLimitation-DataMinimisation-Sale-Disclosure-Transparency-LawfulBasisIowa CDPA Controller Obligations - Privacy Notice + Purpose Limitation + Data Minimisation + Sale Disclosure Statement + Targeted Advertising Disclosure + Privacy by Design + Lawful Processing
ICDPA-Enforcement-90DayCure-AttorneyGeneralOnly-NoPrivateRight-CivilPenalties-7500-PerViolation-Longest-CureIowa CDPA Enforcement - Attorney General Exclusive + 90-Day Cure Period (LONGEST among US State Privacy Laws) + No Private Right of Action + Civil Penalties Up to USD 7500 Per Violation
ICDPA-Scope-SF262-2023-Kim-Reynolds-IA-Code-715D-Effective-1Jan2025-Applicability-100K-25K-50pct-Utah-TemplateIowa CDPA Scope + Senate File 262 + Governor Kim Reynolds 28 March 2023 + Iowa Code Chapter 715D + Effective 1 January 2025 + Applicability Thresholds + Utah CDPA Template Parent + Exemptions
ICDPA-SensitiveData-Notice-OptOut-NotConsent-Children-COPPA-Alignment-De-IdentificationIowa CDPA Sensitive Data + Notice + Opt-Out (NOT Consent unlike VCDPA) + Children Under 13 + COPPA Alignment + De-Identification Standards + Heightened Risk Awareness

Iceland Act 90/2018 Chap 5 - Cross-Border(3 mappings)

ICELAND-Act90-Chap5-CrossBorder-EEA-AdequacyDecisions-SCC-BCRIceland Act 90/2018 - Chapter V Cross-Border Transfer of Personal Data + EEA + Adequacy + SCCs + BCRs + Article 30 Privacy Policy3 targets
ICDPA-Controller-PrivacyNotice-PurposeLimitation-DataMinimisation-Sale-Disclosure-Transparency-LawfulBasisIowa CDPA Controller Obligations - Privacy Notice + Purpose Limitation + Data Minimisation + Sale Disclosure Statement + Targeted Advertising Disclosure + Privacy by Design + Lawful Processing
ICDPA-Processor-Contracts-DPA-Subprocessor-Confidentiality-Audit-EndOfContract-Iowa-Code-715D-7Iowa CDPA Processor Contracts - Data Processing Agreement (DPA) + Required Provisions + Subprocessor Approval + Confidentiality + End of Contract Deletion + Audit Rights + Assistance
ICDPA-Security-ReasonablePractices-Breach-Notification-Iowa-Code-715C-Records-Encryption-PseudonymisationIowa CDPA Security + Reasonable Practices + Iowa Personal Information Security Breach Notification Law (Iowa Code 715C) + Records + Encryption + Pseudonymisation

Iceland Act 90/2018 Chap 6 - Personuvernd + Enforcement(1 mappings)

ICELAND-Act90-Chap6-Personuvernd-Enforcement-AdminFines-AAB-Appeals-CriminalPenaltiesIceland Act 90/2018 - Chapter VI Personuvernd Authority + Investigation + Administrative Fines + Penal Code Section 228 + Court Appeals
ICDPA-Enforcement-90DayCure-AttorneyGeneralOnly-NoPrivateRight-CivilPenalties-7500-PerViolation-Longest-CureIowa CDPA Enforcement - Attorney General Exclusive + 90-Day Cure Period (LONGEST among US State Privacy Laws) + No Private Right of Action + Civil Penalties Up to USD 7500 Per Violation

Related Comparisons

Other Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) comparisons

Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) vs Ley Orgánica de Protección de Datos Personales (LOPDP)5 mappingsIceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) vs Law No. 172-13 on the Protection of Personal Data5 mappingsIceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) vs Indonesia PDP Law5 mappingsIceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) vs Indiana Consumer Data Protection Act5 mappingsIceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) vs India DPDP Act5 mappingsIceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) vs IEEE 70005 mappingsIceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) vs Privacy Act 1988 (Australia)5 mappingsIceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) vs Bahrain PDPL5 mappings

Other Iowa Consumer Data Protection Act comparisons

Ley Orgánica de Protección de Datos Personales (LOPDP) vs Iowa Consumer Data Protection Act7 mappingsLaw No. 172-13 on the Protection of Personal Data vs Iowa Consumer Data Protection Act7 mappingsPrivacy Act 1988 (Australia) vs Iowa Consumer Data Protection Act7 mappingsBahrain PDPL vs Iowa Consumer Data Protection Act7 mappingsSwitzerland FADP vs Iowa Consumer Data Protection Act7 mappingsFederal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL) vs Iowa Consumer Data Protection Act7 mappingsIndiana Consumer Data Protection Act vs Iowa Consumer Data Protection Act7 mappingsAPPI vs Iowa Consumer Data Protection Act7 mappings

Stop Paying Consultants to Read Spreadsheets

AI-powered compliance intelligence across 701 frameworks — at a fraction of consulting costs.

$0/forever

Free

  • 701 framework browser
  • Cross-framework mappings (337K+)
  • 824 compliance assessments
  • 3 AI queries & searches per day
Get Started Free
Recommended
$49/month

Professional

  • Unlimited AI Compliance Advisory
  • Unlimited full-text search
  • Framework self-assessment
  • PDF, Excel & CSV exports
Start 7-Day Free Trial →

Popular framework comparisons

NIST CSF vs NIST 800-53ISO 27001 vs NIST CSFCMMC vs NIST 800-53FedRAMP vs NIST 800-53NIST CSF vs SOC 2HIPAA vs NIST 800-53ISO 27001 vs SOC 2ISO 27001 vs ISO 27701

What are the key differences between Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) and Iowa Consumer Data Protection Act?

Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) has 8 controls across its framework, while Iowa Consumer Data Protection Act covers 8 controls. Direct mapping analysis identifies 5 overlapping controls (62% coverage). The frameworks diverge most significantly in Iceland Act 90/2018 Sectoral, where 1 Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) controls have no direct Iowa Consumer Data Protection Act equivalent.

How many controls map between Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) and Iowa Consumer Data Protection Act?

Of 8 total Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) controls, 5 map directly to Iowa Consumer Data Protection Act controls — representing 62% coverage. The remaining 3 controls represent compliance gaps requiring additional documentation or compensating controls to satisfy both frameworks simultaneously.

What are the compliance gaps when mapping Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) to Iowa Consumer Data Protection Act?

3 Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) controls have no direct equivalent in Iowa Consumer Data Protection Act. The highest concentration of gaps is in Iceland Act 90/2018 Sectoral with 1 unmapped controls. These gaps represent areas where additional controls, policies, or documentation must be created to achieve compliance with both frameworks.

Which control domains have the most gaps between Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) and Iowa Consumer Data Protection Act?

The domain with the highest gap count is Iceland Act 90/2018 Sectoral (1 gaps). Export the full domain-by-domain gap breakdown via the Professional tier to generate a prioritised remediation roadmap.

Related Resources

How to Map Controls Across Frameworks|Multi-Framework Compliance Guide|Compliance Glossary

This platform provides educational compliance tools, not legal, regulatory, or professional compliance advice. Cross-framework mappings are AI-assisted interpretations and do not reproduce or replace official standards. Framework names and trademarks belong to their respective owners. Consult qualified professionals for your specific compliance requirements. See our Terms of Service.