GDPR is the abbreviation for General Data Protection Regulation, also referred to as the Privacy Regulation. This is a regulation, or a new privacy law if you will, which was adopted in the EU and entered into force on 25 May 2018.
The whole point of this new law is to protect personal data and the processing of these in the EU. That is, to check that personal information about me and you are collected and taken care of in a secure way, and at the same time give users more rights when it comes to our own information.
As a member of both the EEA and Schengen, the law also applies to Norway. This means that all Norwegian companies have to comply with the new privacy regulation, regardless of size, as long as they receive and process information that can be linked to individuals. Be it customers, stakeholders, or own employees.