The General Data Protection Regulation (GDPR) entered into applicability in the EU on 25th of May 2018.
There is thus one set of data protection rules for all companies operating in the EU/EEA, wherever they are based.
Stronger rules on data protection mean:
Although not a member of the EU, Norway is a member of the European Economic Area (EEA). The EEA Agreement ensures that Norway is part of the “Internal market” based on the EU’s four freedoms – free movement of goods, services, persons and capital.
The GDPR was incorporated into the EEA agreement and became applicable in Norway on 20 July 2018. Norway is thus bound by the GDPR in the same manner as EU Member States.
The Norwegian Data Protection Authority has now made public a list of processing activities that we consider likely to result in a high risk to the rights and freedoms of data subjects and that always will require a DPIA. Such an assessment must be carried out before the processing of personal data is initiated.
The Norwegian Data Protection Authority has developed guidelines to help organisations understand and comply with the requirement of data protection by design and by default in article 25 of the General Data Protection Regulation.
We have among others cooperated with security professionals and software developers in public and private sector to create the guidelines.
In preparation for the International Data Protection Day, The Norwegian Data Protection Authority every year carries out a survey looking into different cases regarding the public's personal data. The surveys are used as background for an annual report. Some of the reports are translated into English.
You Decide is a teaching resource about privacy and digital responsibility for children and young people aged 9-18 years. It's used in more than twenty countries.
All the content is available in English, and you are free to share and adapt the content in your country.