GDPR Toolkit

EU's General Data Protection Regulation (GDPR) became Norwegian law on 20 July 2018. Wiersholm's GDPR Toolkit has been developed by our privacy experts and enables businesses and public authorities to comply effectively with the regulations.

The purpose of the GDPR is to strengthen privacy and harmonise privacy rules in the EEA, but for many businesses, the data protection regulation has proved complex and difficult to follow. We have tried to break the GDPR down into innovative tools that provide our clients with a more practical approach to the regulatory framework, and that simplifies compliance.

This is important, because compliance with the GDPR provides:

Increased trust

Proper processing of personal data, whether it concerns employees, customers or others, lays the foundation for ensuring trust from individuals and for maintaining a reputation.

Reduced risk

By increasing the focus on privacy in your organisation, and by adopting documented measures to handle all relevant requirements, the likelihood of fines and liabilities is limited.


A transparent approach to privacy is a foundation for gathering high quality data, which is becoming increasingly important for the development of new products and services.

Wiersholm's GDPR Toolkit includes:

Data Processing Agreement

The Data Controller and the Data Processor shall always enter into a Data Processing Agreement. We provide you with access to a standard Data Processing Agreement that covers the GDRP requirements, in both Norwegian and English.

Privacy by Design Checklist

The GDPR requires that privacy is something more than documentation. It must be incorporated into solutions and processes. Privacy by Design implies that the principles of privacy are taken into account when developing solutions and establishing processes. We have developed a simple, digital tool that enthrones embedded privacy. By establishing the checklist as a step in product development, you raise awareness internally – while at the same time, the person responsible for the business' privacy is coordinated.

Reporting incidents

A key part of privacy is to protect personal data against unauthorised access, disclosure, loss, etc. The GDPR requires that appropriate technical and organisational measures be taken for this purpose. Breaches of personal data security may trigger requirements to notify the Data Protection Authority and the affected individuals within 72 hours. To ensure proper internal communication in case of security breaches, Wiersholm has developed a digital form that may be implemented on intranets, webpages or on internal portals.

Data processing protocols

The majority of data controllers and data processors must keep protocols of their processing activities. This requires that company data is mapped and that this overview is maintained upon changes. We have developed a digital solution that facilities mapping, GAP analysis, follow-up and allocation of measures, as well as compliance mechanisms.

Privacy policy

The GDPR gives the data subjects a variety of rights, including right to information, access, correction, deletion, limitation, data portability and the right to object to automated individual decisions. We provide you with access to a standard privacy policy that covers the GDPR requirements, both for consumers and for employees.