The Norwegian Data Protection Authority is asking to the direction to set up a processing protocol, as well as to present an inner control and a documentation which will reveal how can be found out the processing responsibility all over the Agency.
The prison service and parole are processing lots of information which are in some cases sensitive on prisoners, employees, relatives and other registered people. It establishes which strict requirements shall have in order to be in compliance with the privacy legislation.
It has not presented yet a satisfying overview of the complex processing of the direction, and this is why the Authority has adopted this order.
Inner control and processing protocol
The order is divided into three parts. The first order means that the Norwegian prison service and parole shall set up a processing protocol and sent it to the Norwegian Data Protection Authority within the term. The second part of the order establishes that the direction shall present all the documents which show how the responsibility of the processing is delegated since the agency. At the end, the direction is pleased to present the inner control for the respect of the privacy legislation.
The Norwegian prison and parole service has an expiring date on the 21st of September in order to get in compliance with the order. The decision may be appealed. The expiring date for complainants is of three weeks since the reception of the letter.
vedtak-om-palegg---brevkontroll-med-kriminalomsorgens-behandling-av-personopplysninger