Data Protection (GDPR)

Simonsen Vogt Wiig's Data Protection team has wide-ranging experience in assisting businesses with ensuring effective compliance with data protection legislation, including law on banking/finance, telecommunications, security and health.

In July 2018, new rules on data protection came into force in Norway. The new Personal Data Act implemented the EU General Data Protection Regulation («GDPR»), and imposes stricter obligations on all businesses. The data protection rules apply to any processing of data concerning employees, customers, suppliers, members and visitors on the business’ websites. The Norwegian Data Protection Authority (Datatilsynet) can impose administrative fines up to 20 000 000 euro or 4 % of the total worldwide annual turnover.

Our experience ranges from providing general assistance with regard to Binding Corporate Rules (BCR and BCRP) and internal control to many of Norway’s largest corporations, to assisting entrepreneurs with fundamental issues and complaint handling vis-à-vis supervisory authorities concerning new technology.

Based on our broad experience, in-depth knowledge of the Norwegian Data Protection Authority’s practices, tested procedures and tools, we can provide clear and practical advice tailored to your business.

Generally, many businesses require assistance regarding:

  • Mapping the business’ processing of personal data
  • Assessing the legality of various processing activities (gap analysis)
  • Identifying and prioritizing necessary measures.
  • Establishing a long-term data protection strategy
  • Reviewing or establishing documentation for internal control and routines
  • Formulate a privacy policy and other information required vis-à-vis customers and employees
  • Carrying out data protection impact assessments (DPIA) and risk assessments
  • Ensuring that data protection principles are implemented into relevant systems and solutions (privacy by design)
  • Reviewing or establishing data processing agreements
  • Establishing a basis for transferring personal data outside the EEA (BCR and/or Standard Contractual Clauses)
  • Representing the business in discussions with the Norwegian Data Protection Authority
  • Assessing whether the business is required to have a data protection officer (DPO). We may act as your business’ data protection officer (read more)

Internationally recognised

The data protection team has been ranked best in Norway by the Norwegian business paper Finansavisen in their large annual survey since 2019. The team is part of Simonsen Vogt Wiig’s Technology and Media department, which has received top ratings by Chambers and PartnersLegal 500, Prospera and The Norwegian Financial Daily (Finansavisen).

Clients praise the team's client-centric approach.

Chambers and Partners

They understand very well the technology space and related legal challenges.

Chambers and Partners
See also

Data Protection Officer Services (DPO)

SWV's dedicated and experienced GDPR-lawyers offer professional services as DPOs. For more information read here.
Read more