The GDPR comes into force in Norway


On Friday, the EU’s new privacy policy will come into force in Norway.


Large fines could be the result for companies who are sneaking away.

‘’We are ready. We have really been ready for a while,” said communications advisor, Guro Skåltveit of the Norwegian Data Inspectorate.

The Data Inspectorate is to get a whole new regulatory framework to deal with when the EU’s Privacy Policy, commonly called GDPR, comes into force in Norway.

EU member states have been bound by the rules since the 25th of May. However,in Norway, the introduction was delayed due to debris in the EEA machinery.

Only this week were the last obstacles cleared so that the rules can come into force on Friday.

High demand

The Data Inspectorate has already prepared the change of regime with updated web
pages and more new guidelines explaining the new rules, both for individuals and for

“But whether the rest of Norway is ready is more uncertain,” said Skåltveit.

According to her, the Data Inspectorate has noted a lot of pressure from businesses that are now struggling to adapt.

“It will be busy for a while,” said Skåltveit.

“We know that many people are working very hard now to get things in place in their
businesses,” she said.

New rights

Skåltveit emphasised what the new regulations mean for each individual.

The overall goal of the rules is to give regular people better control over what personal information different companies collect about them online.

‘’This is a great news. It strengthens the rights of all individuals. This means that each
of us will be able to get a better overview of what is happening with our personal
information,” said Skåltveit.

At the core of the regulations there is a requirement for consent.

The introduction of the new rules has therefore triggered a deletion of emails where
consent is required to continue to store information.

New right to be forgotten

The new rules mean that everyone should be entitled to know what personal information companies have stored about them.

At the same time, “the right to be forgotten” is introduced. This means that people should be able to request personal information be deleted.

But this right is not unlimited.

Politicians, for example, can not delete previous statements. Nor should the new rules lead to any censorship of the press.

May impose fines

The new rules will also lead to closer cooperation between the Data Inspectorate and corresponding supervision in other European countries.

Moreover, the data surveillance gets significantly more muscle than before.

“You can give fines to a completely different order of magnitude,” points out Skåltveit.

Non-compliance companies risk fines of up to 20 million euros, or 4% of annual turnover if more.

In big international companies, this means that fines could grow to billions.


© NTB scanpix / #Norway Today