All businesses that collect and use personal data must comply with the General Data Protection Regulation (GDPR).
About the regulations
The aim of this regulation is to give citizens greater control over how data that can be linked to them is used, shared and stored. This applies to both your employees and your customers. The regulations are particularly strict if your business handles sensitive personal data such as health information or information concerning children.
For more information on this, see the Norwegian Data Protection Authority's website. On this website, you will also find templates for carrying out data protection impact assessments in order to assess the secure processing of personal data.
A checklist has been prepared covering what you must do before you start processing personal data. This checklist can be found on the Norwegian Data Protection Authority's website.
Businesses that fail to comply with the General Data Protection Regulation (GDPR) risk not only losing customers, but also a fine from the Norwegian Data Protection Authority.