DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

馃嚠馃嚫 EEA & Europe (non-EU)

Cookie consent in 脥sland

Consent and privacy law in 脥sland

In short
Iceland applies the GDPR through the EEA Agreement, implemented by Act No. 90/2018 and enforced by Pers贸nuvernd. Cookie rules derive from the Electronic Communications Act and require consent for non-essential cookies. Icelandic guidance requires informed opt-in consent, clear information in Icelandic, and an easy reject path. Pers贸nuvernd processes complaints and issues opinions, and treats online identifiers as personal data. Because Iceland is a small market, many sites serve content in both Icelandic and English, and notices should match the language served. Controllers should keep evidence of consent and avoid pre-ticked boxes.
Authority
Pers贸nuvernd (Icelandic Data Protection Authority)
Status

GDPR applies via the EEA Agreement, with national Act No. 90/2018

Primary law
GDPR
Languages

is

Who must comply

Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.

Penalties

Up to 20 million euros or 4 percent of global annual turnover, whichever is higher

Key obligations

  • Obtain prior, opt-in consent before non-essential cookies
  • Make refusing as easy as accepting
  • Keep records that prove consent
  • Honor withdrawal at any time
  • Respect data subject rights (access, erasure, portability)

Local guidance

  • Apply the GDPR as adopted into the EEA Agreement
  • Obtain opt-in consent for non-essential cookies
  • Provide notices in Icelandic, and English where served
  • Keep evidence of consent

How ConsentX helps

  • Prior-script blocking for true opt-in
  • Equal-weight Allow and Reject controls
  • Tamper-evident consent receipts and evidence
  • One-click withdrawal trigger
  • Built-in DSAR workflow with 30-day SLA
Get started free
yoursite.com
馃嚠馃嚫 Iceland

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Iceland using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Iceland.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Iceland requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Iceland audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does the GDPR apply in Iceland?+

Yes. Iceland applies the GDPR through the EEA Agreement, implemented by Act No. 90/2018 and enforced by Pers贸nuvernd.

Which authority enforces data protection in Iceland?+

Pers贸nuvernd, the Icelandic Data Protection Authority, enforces the GDPR and the national rules under Act No. 90/2018.

Governing law

馃嚜馃嚭 GDPR

Other countries in EEA & Europe (non-EU)

馃嚦馃嚧 Norge馃嚤馃嚠 Liechtenstein馃嚚馃嚟 Schweiz / Suisse / Svizzera