GDPR incorporated as a part of EEA Agreement and comes into force in Norway 20 July 2018

Although GDPR began to apply in the EU member states already on 25 May 2018, the legal process is a little more complicated in Norway, since we are an EEA country and not a member of the EU.

As described earlier in the Privacy Factory blog, the implementation of GDPR in Norwegian law is dependent on the regulations being adopted as a part of the EEA Agreement and all EEA countries approving the EEA Committee's decisions.

The EEA Committee decided that the GDPR shall be a part of the EEA Agreement in a 
meeting on 6 July 2018. The Norwegian government expects that the resolution will take effect from 20 July, assuming that Liechtenstein revokes its constitutional reservation on 19 July, which the country has stated that it plans to do.

The Norwegian government decided in a cabinet meeting on 15 June 2018 that the new Norwegian Personal Information Act (that implements GDPR in Norwegian law) shall come into force at the same time as the resolution that incorporates the regulation into the EEA Agreement becomes effective. There is therefore reason to believe that the GDPR will be Norwegian law from 20 July 2018.

By Advokatfullmektig Christine Stousland