GDPR Implementation in Norway: Overview

GDPR Implementation in Norway: Overview

In a recent development, Norway's Data Protection Authority (Datatilsynet) has clarified that the General Data Protection Regulation (GDPR) does not apply to the personal data of deceased persons. This means that data relating to deceased individuals is not protected by the GDPR's rules in Norway.

Under the GDPR, personal data is defined as information relating to an identified or identifiable natural person. Deceased persons' data, however, are explicitly excluded from being treated as personal data under the Data Protection Regulation (DPR).

This exemption means that entities in Norway can process data of deceased persons without the obligations that apply to living individuals' personal data, though general legal and ethical considerations may still guide such processing.

The absence of GDPR protection also means that there is no specific GDPR-based restriction or protection on how such data is processed. However, other national laws may apply to data related to deceased persons depending on the context, such as laws on confidentiality, archives, or inheritance. For example, Norwegian legislation on archives or family law might impose rules related to deceased persons’ information.

The Data Protection Authority in Norway, Datatilsynet, is responsible for ensuring compliance with the GDPR and national data protection laws. The organisation can be contacted at P.O. Box 458 Sentrum, NO-0105 Oslo, Norway, or visited online at datatilsynet.no/en.

Recently, Datatilsynet has issued fines to two Norwegian municipalities for lack of security of personal data in their school systems and an app used for communication between pupils' parents and schools. The municipality of Bergen was fined NOK 1.6 million (approx. €163,000), while the municipality of Oslo was notified of a fine of NOK 2 million (approx. €207,000).

In addition to these developments, there are currently no legal challenges ongoing regarding the validity or operation of the national GDPR implementation law in Norway. This clarity provides a stable environment for entities to comply with the GDPR and national data protection laws in their processing of personal data.

[1] [Source 1] [3] [Source 3]

1. White & Case provides comprehensive international legal services, including regulatory advice related to data protection and compliance with the General Data Protection Regulation (GDPR).
2. An international partner at White & Case, specializing in intellectual property law, offers insights through their team's news and publications on the latest developments in health-and-wellness, science, and environmental-science industries.
3. As the GDPR does not apply to deceased persons' data in Norway, associates at White & Case assist clients in navigating the unique legal landscape when processing such data.
4. The firm's practice area focuses on providing guidance on data protection, ensuring that clients adhere to legal and ethical considerations when managing personal data of deceased individuals.
5. White & Case emphasizes the importance of maintaining security measures to protect personal data, as demonstrated by recent fines issued by Norway's Data Protection Authority (Datatilsynet) to negligent municipalities.
6. The firm's dedication to data protection has led to the organization's membership in various legal associations worldwide,showcasing its commitment to staying updated on the latest regulatory changes.
7. White & Case continually publishes expert analysis to help clients navigate the complexities of environmental-science and law, ensuring their operations are both compliant and sustainable.
8. On their official website, whitecase.com, visitors can find valuable resources such as news articles, legal publications, and insights on current data protection trends and best practices.
9. To maintain compliance with the GDPR and national data protection laws, White & Case offers clients regular training programs to instruct their teams on the handling of personal data, including that of deceased individuals.
10. Clients greatly benefit from White & Case's collaborative approach, working closely with their lawyers to ensure the organization's data protection practices align with industry standards and best practices for science, health-and-wellness, and environmental-science sectors.

Read also: