Norway Urges Review Of Data Transfers To Russia, Ukraine

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

Email Allison Grande

” href=”https://www.law360.com/cybersecurity-privacy/articles/1471524?utm_source=rss&utm_medium=rss&utm_campaign=section#”>Allison Grande Law360 (March 7, 2022, 9:33 PM EST) — Norway’s data protection regulator is calling on companies that export personal data to Russia and Ukraine to reassess these exchanges to ensure that they’re still legal in light of the “changed security policy situation” in the wake of Russia’s invasion of Ukraine. 

In a statement issued Friday, the Norwegian Data Protection Authority, or Datatilsynet, reminded businesses of their obligation to have a lawful basis to transfer personal data to recipients that reside outside the European Economic Area. The EEA comprises the 28 European Union member states, along with Norway, Iceland and Liechtenstein.

The regulator specifically focused on Norwegian companies that “either transfer or have transferred personal data” to Ukraine and Russia for purposes such as outsourcing certain services to data processors that operate in these countries, which have been thrown into turmoil since Russia began its full-scale invasion of Ukraine on Feb. 24.

“Due to the changed security policy situation, we will therefore urge all companies that export personal data from Norway to recipients in Ukraine and Russia to reconsider the legal basis for the data transfers,” the authority said. 

Under the General Data Protection Regulation, which applies to all countries in the EEA and has been in effect since 2018, companies that want to send personal data to countries that haven’t been deemed as

Read more

Explore the site

More from the blog

Latest News