Telenor ASA. – €338,000 Fine (Norway, 2025)

€338,000Datatilsynet (Norway)10 March 2025Norway
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Telenor ASA in Norway faced a fine of €338,000 for not properly managing its Data Protection Officer's role. The company failed to document the DPO's responsibilities and lacked necessary internal controls. This case highlights the need for clear data protection practices in organizations.

What happened

Telenor ASA did not adequately assess or document the role of its Data Protection Officer.

Who was affected

Customers of Telenor ASA whose personal data may not have been adequately protected due to poor internal controls.

What the authority found

The DPA found that Telenor violated GDPR rules by lacking proper oversight and documentation for its Data Protection Officer.

Why this matters

This case serves as a warning that companies must establish clear data protection roles and responsibilities. Organizations should ensure they have strong internal controls to protect user data effectively.

GDPR Articles Cited

AI-verified

Art. 24(1) GDPR
Art. 37(7) GDPR
Art. 38(2) GDPR
View original scraped data
Art. 24(1) GDPR
(2) GDPR
Art. 37(7) GDPR
Art. 38(2) GDPR
(3) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
articles corrected
amount discrepancy
Norway enforcementDatatilsynet (Norway) actionsAll Telenor ASA. actions
Full Legal Summary
Detailed

The Norwegian DPA has imposed a fine of EUR 333,800 on Telenor ASA. During its investigation, the DPA found that the company had not conducted sufficient assessments and documentation regarding the role of the Data Protection Officer (DPO). Additionally, no direct and documented reporting line from the DPO to the highest management level had been established. The company also lacked adequate internal controls. The DPA further criticized the absence of appropriate organizational measures and guidelines for the DPO's role.

Related Enforcement Actions (0)

No other enforcement actions found for Telenor ASA. in NO

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

10 March 2025

Authority

Datatilsynet (Norway)

Fine Amount

€338,000

Enforcement Tracker ID

ETid-2573

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Telenor ASA. - Norway (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: