Five steps for better privacy in your business
GDPR (General Data Protection Regulation) has been part of Norwegian law for seven years already (lovdata.no). The experience so far is that many businesses find GDPR difficult to understand and challenging to implement in practice. Many therefore struggle to see through the "GDPR fog" – for what are actually the simple and effective measures to ensure that the company's digital products and services comply with the law and how do we organize this work?
Here are five measures that both strengthen compliance with the law and improve the quality of the company's digital services.
1. Increase overall awareness within the organization
If the organization develops its own digital products, both privacy and product quality become significantly better when privacy is a natural part of both the development and management of these products.
If your organization procures digital products and services, those who order them must have the competence to set relevant and necessary requirements for suppliers regarding data privacy.
And remember - data privacy must be followed up over time – build it into the organization's routines and quality system.
2. Clarify roles and responsibilities
It is very important that it is clear who is responsible for the various aspects of data privacy within the organization. This applies to the responsibilities of management at various levels, as well as other roles such as developers, administrators, or procurers of digital services.
Internal users of products and services that process personal data must also understand their responsibilities regarding data privacy.
Especially in larger organizations, it is important to have dedicated roles for data protection officers (DPOs) and privacy advisors, and they should also have expertise in technology, organization, and law.
Good data privacy starts with good habits – and clear roles.
3. Build relevant competence within the organization
Many perceive data privacy as a legal discipline – but it is actually interdisciplinary and thus requires insights from several professional fields.
So, if your organization is to succeed with satisfactory and good data privacy, especially if it offers digital services and products, then your employees must receive training on how data privacy affects their role.
Feel free to use those with the most practical experience to train others, but at the same time, be aware when there is a need to bring in external specialist expertise. Good examples and simple templates provide great value.
4. Improve gradually – build it into services and products
Your business must gradually improve processes and responsibilities, thereby gaining a good overview of how personal data is processed.
If your business uses standard software and services, you should establish routines and requirements for the providers of these services.
If you develop and manage your own products and services, product teams should gradually build expertise so that relevant functional and technical requirements for complying with privacy principles are included in relevant specifications, user stories, and technical descriptions.
5. View GDPR as part of change management
Strengthening privacy requires organizational change – it's not a project, but a process that needs to be embedded and followed up over time.
Aboveit can help you with both the big picture and the concrete solutions – from comprehensive improvement work to support in individual projects.
More updates
Aboveit among Norway's best in the Norwegian Championship in AI 2026
Four Aboveit developers competed in the Norwegian Championship in AI 2026, and all four finished among the top 10% of 3,000 participants.
Dynamics 365 CE or custom-developed software – what's best?
Should you choose Dynamics 365 CE or build your own software? We at Aboveit share the pros and cons of both approaches – and advise on how to find the solution that provides the most value for your business.
From structure to flow
Are you running many initiatives but seeing little progress? With Flight Levels, you get clarity, focus, and improved flow – without implementing large frameworks. A practical approach to agile development for the entire organization.
Waken joins Aboveit: 'A natural progression for both companies'
Waken is merging with Aboveit to strengthen its delivery in CRM, customer journeys, and the Microsoft platform.