The Personal Data Act requires persons responsible for a system or service to take data protection into account during all development phases of the solution, so-called Privacy by Design.
The users of online services and solutions expect them to be secure and to safeguard personal data in a proper manner.
Before purchasing IT services, you must get an overview of the security requirements that the services must meet. You need to find out what kind of information will be processed in the service, and assess the need for information security related to that information.
The assessment forms the basis for finding out whether you have to make special demands on the supplier or on the way in which the information is to be processed.
If you are going to outsource the operation of IT systems, or buy software that is delivered via the internet (cloud service), it means that you are handing over your data to the provider. If the solutions in question contain personal data, you must take special considerations into account.
- See what obligations organisations have in relation to Privacy by Design (Norwegian Data Protection Authority)
- See the guide for software development with Privacy by Design (Norwegian Data Protection Authority)
- See Article 25 of the Personal Data Act concerning Privacy by Design (Lovdata) Norwegian only