The new Personal Data Act that implements the GDPR (General Data Protection Regulation) in Norway came into force in the summer of 2018, and lately "everyone" has been concerned about privacy.
Our lawyers have been concerned with data protection for much longer, and have advised in accordance with both the Personal Data Act from 1978 and the Personal Data Act from 2000 - which is a clear advantage because there is much that is continued in the GDPR and the Norwegian implementation act with associated regulations. We are also keen to keep up with technological developments in order to understand our clients' needs.
Although the GDPR increases the responsibility of companies, and provides a significantly increased level of infringement fees, we believe that many have an almost "hysterical" relationship with privacy that serves no one. In recent years, we have also seen a number of people with limited experience giving misleading advice on data protection, which has resulted in businesses making unnecessary and costly changes, including deleting data that should not have been deleted and requiring consent for processing where it isunnecessary.
We want to help businesses implement data protection legislation and comply with existing requirements in a sensible way.
We assist with:
- Mapping and documentation of the company's processing of personal data
- Analysis of the company's need for changes and design of routines and declarations, etc.
- Assessment of alternative legal basis/basis for processing
- Drafting of consent
- Preparation of information (privacy statements) for customers, employees, etc.
- Preparation of cookie policy
- Deviation management with possible notification to the Norwegian Data Protection Authority and the data subject
- Handling of requests for access, rectification, deletion and restriction of processing
- Deletion routines
- Assessments before the acquisition of a new IT solution or new use of an existing solution
- Privacy routines for marketing
- Privacy routines for HR / employees
- Risk assessments
- Routines for maintenance and auditing
- Privacy handbook (internal control)
- Data processing agreements
- Agreements between joint data controllers
- Digitization processes - Privacy by design
- Courses and training