Protection of privacy
All companies need to manage personal information. This may be information about employees, customers and suppliers, visitors to business websites, activity logs in the company's IT systems, or a wide range of other types of information.
The new Privacy Regulation (GDPR), which is effective in EU countries from May 2018 and which will be implemented in Norway through a new Personal Data Act, introduces stricter regulation with increased documentation requirements and more protection for individual privacy. The GDPR also imposes much stricter sanctions in case of violation. This places great demands on companies. Although the challenges will vary with the scope of the individual company's processing of personal data, no companies will be unaffected.
Today, most companies use data processors (IT service providers, vendors running software maintenance, and similar). New and more detailed rules apply to these relationships as well, including the content of data processing agreements and the data processor's own duties.
Based on our experience, companies have a special need for assistance regarding:
- Analysis of strategy and scope
- Establishment and documentation of internal control systems
- Agreements, including data processing agreements
- Transfer of personal data outside the EU / EEA
- Control measures in the workplace, including access to employee e-mail
- Collection, storage and use of large volume of data ("big data")
- Use of cloud services
- Handling a security breach
We have written the Norwegian chapter of ICLG's 2017 edition regarding data protection, available here.
Regulations related to treatment of personal data are also relevant in connection with the conclusion of IT contracts etc. Read more here.