Last review date: 27 December 2024

Yes.

Yes.

If yes, under what circumstances?

☒        the processing is carried out by a public authority or body, except for courts acting in their judicial capacity
☒        the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale
☒        the core activities of the controller or the processor consist of processing on a large scale of special categories of data

Last review date: 27 December 2024

Yes.

If yes, what are these requirements?

☒ other professional qualifications / experience

☒ other

The DPO must be able to execute the following tasks:

• inform and advise the controller or the processor and the employees who carry out processing of their obligations
• monitor compliance with applicable provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits
• provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to applicable provisions
• cooperate with the supervisory authority, and

act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation, and to consult, where appropriate, with regard to any other matter

Last review date: 27 December 2024

No.

However, there are a few cases where the Norwegian Data Protection Authority shall be involved. See GDPR 58 (3), art. 36, art. 40 and art. 47 regarding these special circumstances.