Skip to main content
Uncategorized

GDPR compliance in the Nordics

By November 25, 2025December 2nd, 2025No Comments

GDPR compliance in the Nordics (DK/SE/NO/FI) – special rules in each country

GDPR applies equally across the EU/EEA – but each country has specific national rules and practicesthat particularly affect issues such as camera surveillance, employee monitoring and the use of national ID numbers. Here are the key differences you need to know when working Nordic. (GDPR Article 87, for example, gives countries the right to set special conditions for national ID numbers).

GDPR in Denmark (DK)

The Danish Danish Data Protection Act complements the GDPR. Two things stand out in practice:

  • CPR numbers have special rules (§11) that limit their use and require additional legal authority/security.
  • CCTV surveillance is a separate area that the Danish Data Protection Agency also oversees.
    See more at the Danish Data Protection Agency (the national supervisory authority). datatilsynet.dk

GDPR in Sweden (SE)

IMY (Integritetsskyddsmyndigheten) is the supervisory authority. Sweden has both GDPR and a Camera surveillance law. From On April 1, 2025 the requirement for prior authorization for many types of camera surveillance was removed (in return, liability and information requirements are tightened).

Sweden also has special rules for social security numberThe starting point is that processing requires consent – with exceptions where unique identification is necessary or there are other compelling reasons for this.

GDPR in Norway (NO)

Data Protection Authority is the supervisory authority. Norway is known for a Restrictive employee monitoring practices: Using digital tools to monitor employee devices is “fundamentally illegal“, with narrow exceptions and requirements for careful assessment and proportionality. There are special rules for access to email etc.

Norway’s rules on national identity number (national ID number) require that processing only occurs when there is a legitimate need for secure identification.

GDPR in Finland (FI)

The supervision is handled by Data Protection Ombudsman (Tietosuojavaltuutetun toimisto). Finland has a widespread use of personal identity code(henkilötunnus) with special rules on when and how it can be processed. The government pages have practical Q&As on usage – also in industry-specific situations.

What does it mean to you?

  • Plan across across countriesbut check local special rules for CCTV, employee verification and national ID numbers before rolling out processes/systems.
  • Do you have cross-border treatmentone lead regulator can become your primary contact (one-stop-shop), but local requirements (language, practices) still apply.

Train your entire organization – fast

Grapes GDPR Course online course provides a common level across your organization and can be adapted to your policies – so you both do right and can prove it.

SEE MORE about GDPR