Faroe Islands - GDPR-Aligned Data Protection Law | ConsentStack

Back to Regulations Guide

Key Facts

Effective Date

January 1, 2018

Enacted

January 1, 2018

Enforcing Authority

Faroese Data Protection Agency

Consent Model

Opt-in

Applies To

Organizations processing personal data in the Faroe Islands

Overview

The Faroe Islands maintain a separate GDPR-aligned data protection framework, distinct from Denmark's domestic GDPR implementation. Despite being a Danish self-governing territory, the Faroe Islands have their own Data Protection Agency and have received an EU adequacy decision.

What This Means for Your Website

GDPR-aligned consent requirements apply for Faroese visitors
The Faroe Islands have their own separate data protection framework from Denmark
EU adequacy is in force, enabling data transfers with the EU

Key Requirements

The Faroese Data Protection Agency enforces GDPR-aligned requirements. The EU adequacy decision ensures compatibility with EU data protection standards.

How ConsentStack Handles This

ConsentStack applies GDPR-compliant consent for Faroese visitors, meeting the territory's GDPR-aligned requirements.

Penalties

Not widely documented.

Key Requirements

GDPR-aligned consent requirements
Data subject rights
EU adequacy decision in force

Notable Provisions

EU adequacy decision granted
Separate from Denmark's GDPR implementation
Danish self-governing territory with own legal framework

Other Europe Regulations

GDPREuropean Union + EEA

The GDPR sets the global standard for data protection, requiring explicit opt-in consent before processing personal data of EU/EEA residents. For websites, non-essential cookies must be blocked until visitors actively consent. Pre-ticked boxes and implied consent are invalid.

PECRUnited Kingdom

PECR is the UK's cookie-specific law, requiring consent before storing or accessing cookies. The DUAA 2025 significantly increased penalties from GBP 500,000 to GBP 17.5 million and introduced analytics exceptions on an opt-out basis. Only strictly necessary cookies are exempt.

ePrivacy DirectiveEuropean Union + EEA

Article 5(3) of the ePrivacy Directive is the primary EU legal basis requiring cookie consent. It mandates prior informed consent before storing or accessing any information on a user's device, with narrow exceptions only for transmission necessity and explicitly requested services.

Loi Informatique et LibertésFrance

France has the most actively enforced cookie regime in Europe. CNIL issued 259 corrective decisions in 2025, with cookie-specific fines totaling EUR 486.8 million including EUR 325M against Google. A Refuse all button or Continue without accepting must appear on the first layer.

UK GDPRUnited Kingdom

The UK GDPR is the retained EU GDPR post-Brexit, with consent standards identical to the EU version. The UK adequacy decision was renewed December 2025, valid until December 2031. Combined with PECR, it forms the legal framework for cookie consent in the UK.

Germany implements the ePrivacy Directive through Section 25 of TDDDG (renamed from TTDSG in May 2024). A Consent Management Ordinance (EinwV) became effective April 2025, establishing a voluntary framework for recognized consent management services. Cookie banners must not obscure website content.

Frequently Asked Questions

Are the Faroe Islands covered by Denmark's GDPR?

No. The Faroe Islands have a separate GDPR-aligned data protection framework, despite being a Danish self-governing territory.

Do the Faroe Islands have EU adequacy?

Yes. An EU adequacy decision is in force, enabling data transfers between the Faroe Islands and the EU.

Who enforces data protection in the Faroe Islands?

The Faroese Data Protection Agency, separate from Denmark's Datatilsynet.

Stay compliant with Faroe Islands DPA

ConsentStack helps you implement Opt-in consent for Faroe Islands automatically.