Skip to Primary Navigation

Iceland’s DPA signals continued focus on cybersecurity, health data, and AI governance

Harpa Concert Hall and Conference Centre in Reykjavik, Iceland
Photo: Athanasios Gioumpasis/Getty Images

Persónuvernd’s annual report for 2025 shows an increasingly proactive approach to cybersecurity failings, AI oversight, and organizations handling sensitive data.

“It has been claimed that more technological advances will take place in 2025 than in any other year.” This is the opening sentence in the annual report for 2025 from Persónuvernd, the Icelandic Data Protection Authority (DPA).

In a year that brought a lot of quick-paced technological changes as well as

Get full access, free for a month

This is a Premium article. Start your 28-day free trial to continue reading and access all content on GRIP – no payment details required.

What’s included:

  • Every new article, plus our 5,000+ archive
  • Daily regulatory insight and guidance
  • Exclusive interviews and in-depth analysis
  • Coverage of industry-leading events and conferences
  • All podcasts and videos, featuring industry experts
  • The full set of Rules Navigator tools
  • An ad-free experience