Do I need a license to gather/process personal data?
A new act on the processing of personal data entered into force in July 2018. The act implements the EU General Data Protection Regulation (GDPR) in Norway. There is no longer a general obligation for notification and licensing from The Norwegian Data Protection Authority (DPA) (Datatilsynet). Meanwhile, the act introduces a requirement that all research institutions must have a data protection officer (“personvernombud”).
All research projects that process personal data must have a data controller who ensures that the project has a legal basis for the processing. The data protection officer should advise on how the data controller can safeguard privacy interests, and in some cases, researchers are required to seek advice from the data protection officer or a data protection advisor. This is, however, not considered a notification obligation, and the advice is not considered a license.
In special cases, a license must be obtained from The Norwegian Data Protection Authority (DPA) (Datatilsynet).
Thank you for helping us provide a better service.
Fill in your feedback in the form below.