GDPR COMPLIANCE IN NORWEGIAN COMPANIES
The General Data Protection Regulation (GDPR) became effective from May 25th, 2018 in the EU and influences any company that collects and stores personal data about European citizens. Our research aim is to explore opportunities and challenges that Norwegian companies face when complying with GDPR. First, we studied the 99 articles that constitutes GDPR. Second, we conducted a survey questionnaire and third, we took part in the GDPR project of one large company during spring 2018. Our contribution consists of insights and descriptions of opportunities and challenges that Norwegian companies face when complying with GDPR. Our main findings include that the majority of our respondents was well informed about the new regulation and they rated themselves as well prepared. They even saw some positive aspects, like gaining more control over the company’s data and business procedures. The greatest concern is how to comply with Article 17: Right to erasure (“right to be forgotten”). In addition, this paper contributes by identifying eleven of 99 GDPR articles that primarily influence a company’s IT-systems. Our study should be of interest to company managers and it will remain relevant in the time after the GDPR implementation date. In this regard, one of our respondents eloquently stated: “Complying with GDPR is not a goal to be reached, it is the start of a journey”.