persónuverndarskrár

Persónuverndarskrár are internal documents used in Iceland to describe how an organization processes personal data. The term, meaning roughly “privacy processing records,” refers to comprehensive descriptions of an entity’s data processing activities and is part of the country’s data protection framework, aligned with the EU General Data Protection Regulation (GDPR) and Icelandic data protection law.

A persónuverndarskrá typically includes details such as the categories of personal data processed, the purposes of

The purpose of persónuverndarskrár is to provide an overall, up-to-date account of how personal data is handled

Persónuverndarskrár are distinct from privacy notices given to data subjects. The former are internal records for