The General Data Protection Regulation (GDPR) entered into applicability in the EU on 25th of May 2018.
There is thus one set of data protection rules for all companies operating in the EU/EEA, wherever they are based.
Stronger rules on data protection mean:
Although not a member of the EU, Norway is a member of the European Economic Area (EEA). The EEA Agreement ensures that Norway is part of the “Internal market” based on the EU’s four freedoms – free movement of goods, services, persons and capital.
The GDPR was incorporated into the EEA agreement and became applicable in Norway on 20 July 2018. Norway is thus bound by the GDPR in the same manner as EU Member States.