515 7400 lr@lr.is


The protection of personal data is high on the European legislative agenda. It is enshrined as a fundamental human right in both the EU Charter of Fundamental Rights and the TFEU, as well as in the Icelandic Constitution and Article 8 of the European Convention on Human Rights. The Council of Europe has gone so far as creating the only convention in the world on data protection – Treaty 108. 

The most recent development in this field is the enactment of the General Data Protection Regulation (the GDPR). The regulation has three main aims: 1) Harmonization, 2) putting the data subject back in control and 3) to simplify the regulation landscape and stimulate the market. As Iceland is a part of the European Economic Area, the GDPR will be transcribed into Icelandic law next year.

The GDPR reduces a lot of regulatory complexities, but it also introduces a lot of new red tape and severely increased risk of exposure to regulatory measures, fines and bad press.

For our US clients it is even more urgent to give serious thought to data protection. Even though data protection in the US can be traced back to a single law review article by Lois D. Brandeis from about 130 years ago, the right to privacy has not developed as a cohesive concept. There is nothing on data protection in the Constitution, although it is considered to an implied right in the penumbra. Other constitutional restraints have impact data protection, such as the first amendment and the freedom of the press. Therefore US companies are often not used to the more cohesive data protection legislation in the EU.

Reykjavik Law Firm is well equipped to help its clients adapt to this new environment and get the most out of their valuable data, while at the same time ensuring data portability and protection by design and default. We count among our partners a Board Member of the Icelandic Data Protection Authority and attorneys that have specialised in