• Home
  • About NICCI
    • What is NICCI?
    • Meet the Board
    • The administration
    • Partner members
    • Articles of Associtation
  • All news
  • Doing business
    • Useful Norway – India links
  • Member
    • What’s in it for you?
    • Apply for membership
  • Contact
Nicci
Norway India Chamber of Commerce and Industry: promoting Norway - India business relations. Network between companies, organizations and authorities.
You are here: Home / Member stories / A stricter regime for cross-border transfer of personal data

A stricter regime for cross-border transfer of personal data

06/03/2016 By Jeppe Songe-Møller

The new EU General Data Protection Regulation (2012/0011/COD) implies that companies doing business in Norway should review their contracts and internal procedures.

Jeppe_Songe-Moller

Jeppe Songe-Møller

Written by Jeppe Songe-Møller, Senior Lawyer at Advokatfirmaet Schjødt AS – NICCI partner member.

Many data transfers between companies contain personal data, typically when a company purchases IT services from an external provider. Furthermore, international corporations are exchanging personal data between group companies in different countries on a daily basis. Some companies may also collect customer data via web sites or online applications.

1. Focus on export of data to non-EU/EEA countries

Personal data is any information or assessment that can be linked, either directly or indirectly, to a physical person. Information about employees or customers will normally be considered as personal data.

As a direct consequence of the new regulation, companies should consider whether personal data is being transferred from one country to another and whether personal data is transferred to countries outside the EU/EEA. An example will be outsourcing of IT services by a Norwegian company and transfer of information about employees or customers electronically to a subcontractor in India. In such instances, Norwegian data protection rules require that agreements and internal procedures are in order.

The European Commission recently issued a communication summarising the actions taken to restore trust in EU-US data flows since the 2013 Snowden-revelations. A new framework for commercial data exchange, the EU-U.S. Privacy Shield, will most likely be implemented shortly.

2. Emerging technologies

In some instances it may be difficult to know which country the personal data is transferred to, e.g. by the use of cloud computing services. A cloud service allows companies, by using external server parks that are connected to the internet, to command almost unlimited computing power as required. For this reason, many businesses choose not to make significant investments in own hardware. Export of personal data outside of the EU/EEA, and in particular the use of international cloud computing service providers, requires that measures are taken in accordance with the Norwegian Personal Data Act.

3. Verify documents

Any company that enters into an agreement with an external service provider whereby personal data will be exchanged, or groups initiating intra-group transfers of personal data, should ensure that data processing agreements have been signed. Companies should also prepare an internal risk analysis which shows that the company has evaluated the safety and vulnerability associated with data transfer. This is particularly important for international transfers, be it between group companies, using IT providers with servers located outside the EU/EEA or using cloud computing where the server’s location is not clearly specified.

4. Regulatory compliance

The new EU General Data Protection Regulation will lead to increased government focus on requirements for internal documentation, such as security assessments, vulnerability analysis and data processing agreements. The new regime will also authorize local data protection agencies to issue substantial fines for violations.

All companies that process personal data shall follow the data protection rules and should adopt a proactive approach to data exchange, especially when data cross borders.

Senior Lawyer Jeppe Songe-Møller, Advokatfirmaet Schjødt AS, LLM in European Law (King’s College London), Cand.Jur. (University of Bergen)

Email: jsm@schjodt.no

Help us share NICCI content in social media...

  • Share
  • Tweet
  • LinkedIn

Filed Under: Member stories

Become a member of NICCI

If you are involved in Norway-India business, you should join our community. Get access to information, network and events.

Apply for membership now

Search our website

Sign up for NICCI Newsletter 2020

Be the first to know about events and other news

Interact with us in social media

  • Facebook
  • LinkedIn
  • Twitter

NICCI has 61 members in 3 categories; Partner members, Business members and Individual members

Our partner members in 2019 are:

Yara International ASA
HCL
NORWEGIAN SEAFOOD COUNCIL
RAMBØLL
THE RESEARCH COUNCIL OF NORWAY
EY
EKSPORTKREDITT NORGE
NHO
DNB
ORKLA
CONAX
JOTUN
DNV GL
KONGSBERG DIGITAL
GIEK
SCHJØDT
TCS
LARSEN & TOUBRO
STATKRAFT
NAMMO
UMOE

More pages & posts

Meet the Board of Norway India Chamber of Commerce and Industry

“Incredible India” meets “Norway Powered by nature”

Get in touch:

Norway India Chaimber of Commerce and Industry
Oscars gate 27
0352 Oslo

Email:
post@nicci.no

Interact in social media

  • Facebook
  • LinkedIn
  • Twitter

Sign up for NICCI Newsletter 2020

Be the first to know about events and other news
Copyright © 2021 NICCI. Web- design and maintenance by Devant
This website uses cookies. Read more about cookies and privacy here.
This website uses cookies. Read more about cookies and privacy here.
Ok
Read more