GDPR Delayed until at least July 1
Even if the Parliament managed to deliver the proposition earlier than they expected, the implementation of GDPR in Norwegian law will still be dependent on that GDPR formally is included in the EEA-agreement.
There are three conditions which have to be in place before GDPR formally is included in the agreement:
- Final approval of the draft from the Council of the European Union,
- that the regulation is adopted on the next meeting with the EEA-committee which is currently scheduled for May 31, 2018,
- all the EFTA-countries must adopt the decision of the EEA-committee.
It is likely, but not guaranteed, that the Council's approval will come before May 31, 2018 to make the EEA-committee able to adopt GDPR on this date. There is, however, a constitutional reservation for referendum in the country Liechtenstein which is causing further delays. The regulation is taken with the reservation that it will not be necessary with a referendum in Liechtenstein the following month. The authorization rule in Liechtenstein means that the constitutional reservation may only be terminated on July 1, 2018. Based on this, the regulation will, most likely, not be included in the EEA-agreeement, and consequently neither implemented in Norway, not earlier than July 1, 2018.
In spite of this delay, there is no reason to rest on laurels. All businesses must relate to the regulation, regardless of eventual delays. We therefore encourage all to keep on with the work to ensure compliance with the imminent regulatory framework.