After some delay, the General Data Protection Regulation (GDPR) came into force in Norway on Friday and Norwegian companies that do not respect the rules might receive big fines, public broadcaster NRK reported.
“We are ready. We have actually been ready for a while,” said Guro Skaltveit, senior communication adviser of the Norwegian Data Protection Authority (DPA).
DPA has already updated web pages and published new guidelines explaining the new rules, both for individuals and for businesses.
“But it is more uncertain whether the rest of Norway is ready,” Skaltveit said.
The rules aim to give people better control over what personal information different companies collect about them online.
“This is great news. It strengthens the rights of all individuals. This means that each of us will be able to get a better overview of what is happening with our personal information, ” Skaltveit said.
GDPR also includes “the right to be forgotten”, which implies that people will be able to request personal information to be deleted.
Politicians, however, can not claim to delete previous statements, nor should the new rules lead to any censorship of the press, the report said.
The new rules will also lead to closer cooperation between DPA and corresponding supervision authorities in other European countries.
Companies that do not comply with the new rules risk fines of up to 20 million euros — or 4 percent of annual turnover if that makes up the higher sum.
Big international companies could thus be fined with billions of euros, NRK wrote.