Always act in line with laws and regulations. SiO's operations must comply with the GDPR regulation and Norwegian privacy legislation.
Only store and use personal data that is necessary to deliver a good service offer, have an efficient operation and good and lawful treatment of customers and employees. The purpose of storing personal data must be documented.
Establish built-in privacy in all processes and systems. This means that SiO must be able to handle incidents/deviations in a good and legally correct way, and that data subjects' rights to deletion, access, change and portability must be safeguarded. This also includes personal information about SiO's customers and employees registered with SiO's partners and suppliers.
Have accessible and clear contact points for registered users who have questions or wish to view/change/delete/move data. Correspondingly for notification of deviations
Have a data protection representative who is up-to-date on laws and regulations at all times, has completed the necessary courses and has a direct reporting line to SiO's managing director
Have contracts and/or declarations of consent where it is clearly stated why and how personal data is registered and stored, if the registration and storage of personal data is not authorized by law
Use system solutions that have a sufficient level of security for stored personal data and enable the transfer and deletion of data. Where the current systems do not provide such an opportunity, SiO must have a time-bound plan for the necessary system change, and in the meantime have manual routines that ensure the data subject's rights in the best possible way
Have routines for access control that ensure that only authorized users have access to personal data
Have clear roles and responsibilities within the organisation. This applies in particular to data controllers, security officers and data protection officers. In addition, general managerial responsibility and anchoring must be clear.
Have a conscious relationship with the risk of errors and deviations. Systematically carry out risk assessments and assess privacy consequences. Have good routines for
error correction and deviation handling.
Provide the necessary training for employees who process personal data

Privacy policy and cookies

Content on the page