Datatilsynet (Norway)

From GDPRhub
Name: Datatilsynet
Abbreviation : Datatilsynet
Jurisdiction: Norway
Head: Bjørn Erik Thon
Deputy: n/a
Adress: Tollbugata 3

0152 Oslo


Phone: +47 22 39 69 00
Twitter: @datatilsynet
Procedural Law: Public Administration Act (Forvaltningsloven) (in EN), Freedom of Information Act (Offentleglova) (in EN)
Decision Database: Important decisions (in NO)
Translated Decisions: Category:Datatilsynet (Norway)
Head Count: Approx. 50
Budget: n/a

The Norwegian Data Protection Authority (Datatilsynet) is the national Data Protection Authority for Norway. It resides in Oslo and is in charge of enforcing GDPR in Norway.


Datatilsynet is an independent body set up in 1980. Administratively, Datatilsynet is subordinate to the Ministry of Local Government and Modernisation. Cases are usually assigned to an employee that is named on all documents by initials.

Datatilsynet is organized in two legal departments, one communications department and one administrative department. The legal departments are further organized in different sections.

Legal Departments

Department for the enforcement of rules, international cooperation and sanctions

The department for the enforcement of rules, international cooperation and sanctions have the overarching responsibility for the legal development at Datatilsynet, as well as the international work, for instance with the EDPB.

The department have three different sections:

Section for public services

The section for public services have the main responsibility for police- and justice sector, immigration administration, the health sector, public administration and the school- and kindergarden sector.

Section for private services

The section for private services have the main responsibility for the banking and financing sector, privacy in the workplace, violations on the internet, camera surveillance, audio recordings and the like.

International Section

The international section have the main responsibility for the transfer of personal data to third-countries and international cooperation.

Department for technology, analysis and security

The department for technology, analysis and security have the overarching responsibility for digitalisation, carrying out supervisory tasks and the methodology in relation to this, security of processing, technical analysis, as well as strategic work. The department consist of a staff with security and technical experts, as well as a section for analysis, research and politics.

Procedural Information

Applicable Procedural Law

Datatilsynet is, like all other public bodies in Norway, bound by the Public Administrative Act of 1967 (Forvaltningsloven - fvl.) and the Freedom of Information Act of 2009 (Offentleglova).

Complaints Procedure under Art 77 GDPR

While there are no formal requirements by law, Datatilsynet require in general that a complainant has been in touch with the controller, as well as attaching proof of correspondence alongside the complaint.

Datatilsynet also require that the complaint contains:

  • The name of the controller
  • A description of the alleged breach
  • Legal claim and remedy
  • Contact information (name, phone number and postal address)

Datatilsynet does not currently give any information about an e-mail address where the complaint can be sent, but informs that a solution for secure transmissions is being developed. The former e-mail address was

Ex Officio Procedures under Art 57 GDPR

You can help us filling this section!


You can help us filling this section!

Practical Information

You can help us filling this section!


You can help us filling this section!

EU/EEA Data Protection Authorities
Austria · Belgium · Bulgaria · Croatia · Cyprus · Czech Republic · Denmark · Estonia · Finland · France · Germany (Baden-Württemberg · Bavaria, private sector · Bavaria, public sector · Berlin · Brandenburg · Bremen · Hamburg · Hesse · Lower Saxony · Mecklenburg-Vorpommern · North Rhine-Westphalia · Rhineland-Palatinate · Saarland · Saxony · Saxony-Anhalt · Schleswig-Holstein · Thuringia ) · Greece · Hungary · Ireland · Italy · Latvia · Lithuania · Luxembourg · Malta · Netherlands · Poland · Portugal · Romania · Slovakia · Slovenia · Spain · Sweden
Iceland · Liechtenstein · Norway EDPS · EDPB
Non-EU/EEA Data Protection Authorities
United Kingdom