GDPR incorporated as a part of EEA Agreement and comes into force in Norway 20 July 2018


Although GDPR began to apply in the EU member states already on 25 May 2018, the legal process is a little more complicated in Norway since we are a EEA country and not a member of the EU.

As described earlier in the Privacy Factory blog, the implementation of GDPR in Norwegian law is dependent on the regulations being adopted as a part of the EEA Agreement and that all the countries approve the EEA Committee's decisions.

The EEA Committee decided that the GDPR shall be a part of the EEA Agreement in the meeting on 6 July 2018. The Government expects that the resolution will take effect from 20 July, assuming that Leichtenstein revokes its constitutional reservation on 19 July as the country has informed that it plans to.

The Norwegian decided in the cabinet meeting on 15 June 2018 that the new Norwegian Personal Information Act (that implements GDPR in Norwegian law) shall come into force at the same time as the resolution that incorporates the regulation into the EEA Agreement comes into effect. There is therefore reason to believe that the GDPR will be Norwegian law from 20 July 2018.

By Advokatfullmektig Christine Stousland.