GDPR is the EU's law on data protection, and is directly applicable in Norwegian law. It came into force on 20 July 2018, together with a new Personal Data Act with supplementary provisions. It is the basis for all work with protection of privacy in Norway,  and is the most significant change relating to the protection of privacy in 20 years.

The Norwegian Data Protection Agency offers guidance on the implications of the protection of privacy (datatilsynet.no)(NO), among other things on the duties of the institution, data processor agreements, cloud services, data protection by design, the Data Protection Official and on the rights of the registered.