Although not a member of the EU, Norway is a member of the European Economic Area (EEA). The GDPR was incorporated into the EEA agreement and became applicable in Norway on 20 July 2018. Norway is thus bound by the GDPR in the same manner as EU Member States.
In preparation for the GDPR, large areas of Norwegian law underwent a thorough review, and legislative changes were made as needed. This included the implementation of a new Privacy Act, and technical changes in the legislation relating to camera monitoring in the work place and access to employees’ emails. The Privacy Act section 6 (the equivalent of GDPR article 88(1)) give employers the right to process special categories of personal data if it is necessary for carrying out the employer or employee’s obligations or rights in the employment field.