GDPR Legislation in Norway
GDPR Legislation in NorwayUpdated on Thursday 26th July 2018
Rate this article
based on 2 reviews
based on 2 reviews
Even though Norway is not a member of the European Union (EU), the country is a member state of European Economic Area (EEA) and thus, the General Data Protection Regulation (GDPR) has an effect on this jurisdiction as, for example, Norwegian based businesses that have a presence on the EU’s market will have to adopt specific measures for the protection of data provided by clients, users, employees or business partners.
Norway is required to impose GDPR measures as established under the Article 7 (a) of the Main Agreement of the EEA, which has led to the creation of the Personal Data Act implementing GDPR in Norway, a document which includes a part of the GDPR requirements imposed by the EU. Our team of lawyers in Norway can offer in-depth legal assistance on the main regulations that are applicable here.
Main data amendments in Norway
The main legal act that protects data in Norway is the Personal Data Act, which has been amended to comply with a set of the GDPR rules imposed by the EU. Norway reserves the right to maintain a large part of the previous data legislation, but companies operating here should know that the following are in accordance with the EU’s law on the matter:
- • companies are not allowed to gather sensitive data from clients, unless the respective information is authorized by the data inspectorates operating in this country;
- • ID numbers belonging to natural persons may only be requested by companies and organizations only in the situation in which there are reasonable legal grounds to do so;
- • consent – the minimum age established by Norway (as well as by other Scandinavian countries) to give consent on the collection of data of a natural person is 13 years old;
- • employee’s e-mails – Norway plans to establish specific regulations under which an employer may access the employee’s e-mails.
Penalties for the breach of data protection laws in Norway
Following the implementation of a part of the GDPR laws in Norway, the country has removed its previous penalties regarding the breach of data legislation, being in line with the EU regulations on the matter, which can be detailed by our team of Norwegian lawyers.
It is important to know that Norway will apply administrative fees in amount of up to 4% of a company’s annual global turnover or EU 20 million and businessmen are invited to contact our law firm in Norway for legal representation and counselling regarding the measures that have to be imposed in order to avoid any penalties deriving from this new law.