Support Centre



Law: Law on the Processing of Personal Data (Personal Data Act) of 15 June 2018 (only available in Norwegian here) ('the Act') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')

Regulator: Norwegian data protection authority ('Datatilsynet')

Summary: Norway an EEA Member State and thus the GDPR applies following its adoption by the EEA Joint Committee through Decision 154/2018 of the EEA Joint Committee of 6 July 2018. The Act implements the GDPR in Norway. Datatilsynet has been particularly active in both enforcement and in publishing guidance on a variety of important data protection issues, including on codes of conduct, direct marketing, software development with Privacy by Design and by Default, as well as CCTV surveillance. In addition, Datatilsynet and the Consumer Authority published comprehensive guidance on direct marketing that also addresses the protection of children and young consumers in relation to targeted advertising. Various guidelines from Datatilsynet and the Norwegian Directorate of eHealth addressing patient records, biobanks, pharmacovigilance have also been issued.


Monitoring employees with camera surveillance is a complex and often heavily regulated area. Fredrik Wiker and Line Helen Haukalid, from Advokatfirmaet Wiersholm AS, discuss the applicable laws and guidance on this topic in Norway.