What is GDPR?
The General Data Protection Regulation (GDPR) is an EU regulation that was adopted on 24 May 2016. It is a revised version of the 1995 EU Privacy Directive and it will apply directly to all EU/EEA countries from 25 May 2018. The new rules are based on the same general principles as the former ones, but the updated version has more obligations for companies and the rules will strengthen the protection of individuals’ personal data.
Highlights of the new regulation:
- The notion of consent has been strengthened. We now need our customers to clearly and affirmatively give us permission to process their data for certain purposes. This means that we have improved the information we give to our customers and keep better track of their consents.
- We will be held more responsible and accountable for our processing activities, e.g. through mandatory privacy risk assessments. This means that we now keep a closer track of our processing activities and document the data flow based on new GDPR requirements.
- Customers will have easier access to their personal data and will be able to transfer their data elsewhere (data portability). We make sure that we have the technical capabilities to support this new right.
- Those that process personal data on our behalf will assume more responsibility, and in light of this, we look at all agreements in place with vendors and business partners in the light of the new GDPR requirements.
What has Telenor Group done and is still doing?
We have run dedicated GDPR projects that have guided the processes towards overall GDPR compliance. The work and efforts put in to document these processes has been a key factor to our GDPR readiness. We have for example built inventories of our processing activities through local mapping exercises. The mapping work is now part of our continuous day to day work when processing personal data.
We have also held workshops (both internally and across the industry) to share experiences and insights on how to align ourselves towards GDPR compliance. In January 2018 we launched a mandatory eLearning programme for all Telenor employees, and we have several role-based trainings conducted for specific groups of employees. We have also worked on technical solutions and services to support the strengthened rights of our customers, such as easy-to-use solutions for customers to consent to processing, and better solutions for internal consent management. We continuously work towards the best solutions from both a customer experience and privacy perspective.
All Telenor employees are responsible for getting familiar with the new rules and understanding what is needed for them to be compliant. Our central and local GDPR projects, as well as the Data Protection Officers and experts across Telenor have done and are still doing their utmost to make sure the right information and tools reach the right people throughout the company.