The new privacy regulation will apply in all EU and EEA countries and is a binding legislative act. This means that the regulation must be be applied in its entirety across the EU and the EEA. One of the biggest changes from the previous legislation is that some organizations are required to have a Data Protection Officer. The change is expected to lead to a significant increase in the number of DPOs in Norway. When the regulation enters into force, it is no longer required to get the Data Protection Authority's approval of the DPOs. Instead, a registration system is created where companies themselves register their DPO. "GDPR will have a major impact on all business processes. One of the major changes is that companies must document all procedures for handling personal data and implement technical and organizational procedures that ensure that they act in accordance with the regulation. Therefore, we are proud to contribute to the development of the National Registry for DPOs,” says Gunnar Nyb?, Head of Public Sector, Tieto Norway.
The legislation requires that the company selects a DPO based on professional skills, expertise in the field of privacy and ability to perform the tasks. The Data Protection Officer may be employed by the business or by a professional third party. It is the companies themselves that register the DPO. The registry is based on Tieto's case and archiving solution and integrated with national archives using Tieto's integration framework.