GDPR – Privacy Regulation

Cecilie Dahl

Cecilie Dahl
Partner | Senior Rådgiver

GDPR – Privacy Regulation

The Privacy Regulation is a law adopted by the EU (it is also called the GDPR, which stands for general data protection regulation). The law applies in all EU and EEA countries. In Norway, the Personal Data Act was incorporated into Norwegian law with effect from 20 July 2018.

The law will apply to almost all companies in Norway (and everyone who has employees). All companies should therefore familiarize themselves with the rules.

The processing of personal data is not prohibited, but you must know how to do it in order to do so legally. The GDPR is intended to give ordinary people better control over what personal information various companies collect about them. A requirement for consent is at the heart of this.

GDPR is incorporated into Norwegian law to strengthen privacy and companies that violate GDPR can be penalized with up to 4% of annual turnover.

Six basic requirements for the processing of information about persons:

1. The company must process the information in a way that is legal, fair and transparent.

2. The company must have decided on the purpose and reasons for collecting information.

3. The company must ensure that the information is adapted to the purpose it has (but also that it is not more comprehensive).

4. The company must ensure that the information they have is correct.

5. The company must delete information that it is no longer necessary to have (alternatively, you can anonymize the information).

6. You must store and use the information so that it is not misused.

The aim of the GDPR is to strengthen citizens' freedom and rights.

What can Vidi do for you?

Vidi has a role as a data processor for our customers. We take responsibility for secure processing and storage of collected data, full overview of software that collects data and can also advise the company internally in relation to storage and deletion of personal data.