Data protection & privacy laws in Greenland (2026)

Greenland's Personal Data Act entered into force on 1 December 2016, replacing records legislation dating to 1978. It was adopted at the request of Naalakkersuisut (Greenland's Self-Government) and is substantially equivalent to the Danish Data Protection Act of that era, though not to the later GDPR.

Greenland is not a member of the EU (it withdrew in 1985) and is not part of the EEA, so EU Regulation 2016/679 (GDPR) has no direct force. Danish national implementation of the GDPR also does not extend to Greenland.

Greenland's Act omits special television-surveillance provisions (CCTV processing is assessed under the general rules of the Act), and unlike Danish law, the Act does not govern personal data processing by Greenlandic courts.

Greenland has no independent data-protection authority of its own. The Danish Data Protection Agency (Datatilsynet) provides oversight in matters that fall under residual Danish jurisdiction, but Greenland's autonomous administration handles most local enforcement questions.

Because Greenland is outside the EEA and holds no EU adequacy decision, any transfer of personal data from EU/EEA controllers to Greenland-based recipients must be covered by appropriate GDPR Chapter V safeguards (e.g., Standard Contractual Clauses).

In May 2023 the Danish Data Protection Agency, acting as lead supervisory authority, approved Binding Corporate Rules for the Royal Greenland Group, confirming that Greenlandic entities can serve as BCR holders and that transfers to Greenland are treated as third-country transfers requiring such instruments.