Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018)
Iceland's Act on Data Protection and the Processing of Personal Data (Act No. 90/2018) implements the EU GDPR into Icelandic law via the EEA Agreement. The Icelandic Data Protection Authority (Persónuvernd) oversees enforcement. The Act includes national provisions for processing of national identification numbers (kennitala), processing for journalistic purposes, research and statistics, the age of digital consent (13 years), and health data processing. Iceland applies the GDPR framework fully as an EEA member state.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (8)
Iceland Act 90/2018 Chap 1 - Scope + EEA + GDPR
| Code | Title |
|---|---|
| ICELAND-Act90-Chap1-Scope-Definitions-EEA-GDPR-Personuvernd | Iceland Act No. 90/2018 - Chapter I Scope + Definitions + EEA Agreement + GDPR Application + Personuvernd Authority |
Iceland Act 90/2018 Chap 2 - Principles + Lawful Basis
| Code | Title |
|---|---|
| ICELAND-Act90-Chap2-Principles-LawfulBasis-Consent-Sensitive-Criminal | Iceland Act 90/2018 - Chapter II Principles + Lawful Basis + Consent + Special Categories + Criminal Data (Articles 8-13) |
Iceland Act 90/2018 Chap 3 - Rights
| Code | Title |
|---|---|
| ICELAND-Act90-Chap3-Transparency-DataSubjectRights-Access-Rectification-Erasure | Iceland Act 90/2018 - Chapter III Transparency + Data Subject Rights (Articles 14-23) - Access + Rectification + Erasure + Portability + Object + Automated Decisions |
Iceland Act 90/2018 Chap 4 - Controller Obligations + DPO
| Code | Title |
|---|---|
| ICELAND-Act90-Chap4-ControllerObligations-PrivacyByDesign-Processor-RoPA-DPO | Iceland Act 90/2018 - Chapter IV Controller Obligations + Privacy by Design + Processor + RoPA + DPO (Articles 24-26 + 35) |
Iceland Act 90/2018 Chap 4 - Security + Breach + DPIA
| Code | Title |
|---|---|
| ICELAND-Act90-Chap4-Security-BreachNotification-DPIA-Personuvernd-72hr | Iceland Act 90/2018 - Chapter IV Security of Processing + Breach Notification + DPIA (Articles 27-29) |
Iceland Act 90/2018 Chap 5 - Cross-Border
| Code | Title |
|---|---|
| ICELAND-Act90-Chap5-CrossBorder-EEA-AdequacyDecisions-SCC-BCR | Iceland Act 90/2018 - Chapter V Cross-Border Transfer of Personal Data + EEA + Adequacy + SCCs + BCRs + Article 30 Privacy Policy |
Iceland Act 90/2018 Chap 6 - Personuvernd + Enforcement
| Code | Title |
|---|---|
| ICELAND-Act90-Chap6-Personuvernd-Enforcement-AdminFines-AAB-Appeals-CriminalPenalties | Iceland Act 90/2018 - Chapter VI Personuvernd Authority + Investigation + Administrative Fines + Penal Code Section 228 + Court Appeals |
Iceland Act 90/2018 Sectoral
| Code | Title |
|---|---|
| ICELAND-Act90-Sectoral-Employment-Children-DirectMarketing-AutomatedDecisions-Cookies | Iceland Act 90/2018 - Sectoral - Employment + Children + Direct Marketing + Automated Decisions + Cookies + Cybersecurity |
Your Compliance Coverage
If you comply with Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018), you already cover:
Privacy Act 1988 (Australia)
63%
5 controls mapped
Compare →Ley Orgánica de Protección de Datos Personales (LOPDP)
63%
5 controls mapped
Compare →Law No. 172-13 on the Protection of Personal Data
63%
5 controls mapped
Compare →+ 111 more: Iowa Consumer Data Protection Act (63%), Indonesia PDP Law (63%)
See all 114 mapped frameworks ↓Maps to 114 other frameworks
Frequently Asked Questions
What is Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018)?
Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) is a compliance framework from Iceland with 8 domains and 8 controls. Iceland's Act on Data Protection and the Processing of Personal Data (Act No. 90/2018) implements the EU GDPR into Icelandic law via the EEA Agreement. The Icelandic Data Protection Authority (Persónuvernd) oversees enforcement. The Act includes national provisions for processing of national identification numbers (kennitala), processing for journalistic purposes, research and statistics, the age of digital consent (13 years), and health data processing. Iceland applies the GDPR framework fully as an EEA member state. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) have?
Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) has 8 controls organised across 8 domains. The largest domains are Iceland Act 90/2018 Chap 1 - Scope + EEA + GDPR (1 controls), Iceland Act 90/2018 Chap 2 - Principles + Lawful Basis (1 controls), Iceland Act 90/2018 Chap 3 - Rights (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) map to?
Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) maps to 114 other compliance frameworks. The top mapping partners are Privacy Act 1988 (Australia) (63% coverage), Ley Orgánica de Protección de Datos Personales (LOPDP) (63% coverage), Law No. 172-13 on the Protection of Personal Data (63% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) compliance?
Start your Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.
Get Started Free →Free forever — no credit card required