Data Privacy

On 25th May 2018, the General Data Protection Regulation (GDPR) came into force. The regulation applies to the processing of personal data in the European Economic Area (EU/EEA).  The purpose of the GDPR is to strengthen the protection of personal data and to harmonize the data protection laws across Europe. 

The GDPR contains provisions and requirements pertaining to the processing of personal data by private businesses and public authorities. This includes the obligation to keep records of processing activities, define the purpose and consider which lawful basis for each processing activity, implement measures to ensure that the processing is performed in accordance with the regulation, and to ensure a level of security appropriate to the risks. The GDPR also expands the rights of the data subjects (individuals), such as the right to information, rectification, erasure and the right to data portability.

Failure to comply with the GDPR may lead to serious administrative sanctions from the data protection authorities, as well a potential significant damage to a business' reputation. Furthermore, data subjects have the right to receive compensation for damage suffered as a result of a business' breach of the regulation. 

Through numerous assignments, for both private businesses and public authorities, we have extensive experience when it comes to compliance with the GDPR.


We have developed a chatbot (currently only in Norwegian) that can answer basic data privacy questions. The purpose of the chatbot is to assist employees in their daily work. You may read more about the chatbot here.

We assist businesses with services such as:

  • Review of GDPR-programs (GDPR audits)

  • Mapping of processing activities

  • Define the purpose and consider what lawful basis applies to the processing activities

  • Identify and assess the risks related to personal data (risk assessment)

  • Conduct Data Protection Impact Assessments (DPIA)

  • Develop and implement data privacy policies and procedures

  • Establish internal controls

  • Implement necessary security measures

  • Investigate breaches of the regulation

  • Act as the Data Protection Officer (DPO) or as a representative on behalf of the business

  • Review and develop data processing agreements

  • Litigate

  • Transferring mechanisms


No posts published in this language yet
Stay tuned...

Contact us

Erling Grimstad

Lawyer and CEO


(+47) 997 97 542