The European Union’s General Data Protection Regulation (GDPR) sets a common standard for protecting personal data across the EU. It also allows member nations some flexibility to create additional provisions and limitations. Some examples, which may impact HR teams, include the ability for EU member states to:
Norway implemented the GDPR through the Law on the processing of personal data (Personal Data Act, 2018). Under this law, employees’ personal information may be processed when necessary to meet labor law requirements and the rights of employees.
One aspect of the Personal Data Act which may impact Norway employers is the additional limitations on processing unique identifiers, including birth IDs. Employers (and others who manage data) can only use birth IDs to identify individual employees when there is a need for secure identification and the method used by employers is necessary to achieve such identification.