Norway's data protection practitioners

Grip nøkkelen til
privacy
and information security

We help businesses gain control of privacy – sufficiently and in the right order. Breathe easy, and tell us where it hurts.

Let's have a chat Our Method

▶ Watch video – Erik on privacy (53 sec.)

0+
Companies helped
Businesses with privacy in their system
0+
Years of experience
Combined team experience
0%
Missing GDPR training
Of Norwegian employees
0%
Time saved
With the right tools

Our Method

Check. Good enough.
Correct order.

Control is not documentation. Control is management. Good enough is maturity – not perfectionism.

🎯
Control
Management knows what is being processed. Responsibility is clearly placed. Risk is prioritized – not just mapped.
Scales of justice
Good enough
Measures are proportionate to risk. You do what actually reduces exposure.
🧭
Correct order
Understand what is being handled. Clarify responsibilities. Prioritize risks. Establish routines.
🏆
Competitive advantage
Privacy as a strategic superpower – not just a legal requirement.

Our role

Structural builders.

We're making privacy something the entire organization owns—and grows with.

"Those who believe GDPR is a one-time task that can be checked off a list should talk to us. GDPR is an ongoing process – just like accounting!"

— Erik Horn, PrivacyPractitioners

How we work

01

Understand what is actually being processed – and why

Analysis of existing knowledge and reviews.

02

Clarify ownership and responsibility

No one can take responsibility for something they don't know they own.

03

Prioritize risk

Turn maps into action.

04

Establish structure and routines

Build something the organization can live with over time.

05

Document what is actually used

Documentation that lives – doesn't gather dust.

Services and products

What we offer

Privacy must be treated on par with the company's accounting.

🔍

Consulting & Advisory

Customized solutions for effective privacy work – tailored to your business.

  • GAP analysis and risk assessment
  • Treatment Protocol (ROPA)
  • Data Processing Agreements
  • Privacy Policies
  • Technological guidance
🎓

Courses & e-learning

From complex regulations to practical understanding for all levels.

  • From theory to practice
  • User-focused training
  • GDPR explained simply
  • Documentable training
🤝

Workshop

Together on making privacy simple – practical implementation in collaboration.

  • Practical implementation
  • Cross-departmental collaboration
  • 1:2:1 coaching
  • Tailored for Leaders
Tools

Tools & Templates

Smart tools that save time and ensure compliance.

  • Time-efficient checklists
  • Painter for appointments and routines
  • E-books and guides
  • Risk registers and cookie templates

Fagartikler

GDPR: More than just Compliance

See all articles
Illustration of supply chain and NIS2 requirements for SMEs
Compliance IT Security

NIS2 doesn't stop at those subject to NIS2

"Many small and medium-sized businesses have looked at NIS2 and thought that it only applies to a few large players..."

· April 6, 2026
Read the article
Pencil illustration of two people over a table — the perspective is reversed, you are now on the vendor’s side
Change management Compliance Privacy (GDPR)

The day your customer asks — are you ready?

You've tidied up your supplier agreements. Good. But then the customer flips the question: how do you handle our data?...

Erik Horn · April 6, 2026
Read the article
Pencil illustration of a document that gradually changes — the text fades as the reality around it grows
Compliance Privacy (GDPR)

The agreement you signed — and the reality you live in

You found the data processing agreement. You opened it. And you discovered that it describes a collaboration that no longer exists.

Erik Horn · April 5, 2026
Read the article

Privacy in practice

From the GDPR world – with a sideways glance

See all →

Do you give your customers a real choice?

The download form asks for an email for the guide. The app asks for location to function. Is that consent — or payment in another currency?

May 5, 2026 Read more →

Who owns the system no one is using?

The boat wasn't just about bad security. It was about no one being responsible for the system.

May 5, 2026 Read more →

What does your newsletter tool know about your subscribers?

Mailchimp shows you who opened your newsletter at 9:14 AM on an iPhone. Have you told your subscribers you can see that?

May 4, 2026 Read more →

Frequently Asked Questions

Okay, let's start by understanding. Here are the most common questions.

Let's shed light on the basics.

Ask us another question
GDPR is the EU's General Data Protection Regulation that protects personal data and regulates how businesses collect, store, and use this data. For your business, it's an opportunity to build trust and a competitive advantage—and you'll also cover the legal requirements as a bonus.
💡 Start by understanding what personal data you actually process – that's the first step in the right order.
This is the overview of how personal data is processed in the company, why it is processed, and who has access. All companies must have this.
💡 Start simple – a structured Excel sheet is better than no overview.
A privacy policy tells the world how you process personal data. And ensures good privacy throughout the entire journey.
Ensure the declaration aligns with what you actually do in practice.
A data processing agreement is a contract between your business and a third party that processes personal data on your behalf. All businesses that use vendors with access to personal data need this.
Review all vendors who handle personal data and ensure updated agreements.
A risk register helps you identify and document risks related to the processing of personal data, and prioritize measures that actually make a difference.
Start with the most critical treatment activities.
Phishing-resistant authentication uses methods like FIDO2/WebAuthn and passkeys that cannot be phished physically. GDPR Article 32 requires technical measures against unauthorized access.
Start with passkeys in Microsoft 365 or Google Workspace. Read our professional article

About Us

Two practitioners. I am a philosopher.

Two practices. One philosophy. We make privacy something the whole organization can own — well enough, and in the right order.

Erik Horn — Privacy Practitioner and Structurer, PrivacyPractitioners
UH

Erik Horn

Privacy Practitioner & Structure Builder
LinkedIn
«GDPR is an ongoing task – just like accounting!»

Privacy practitioner with over 30 years of experience organizing data, processes, and systems – locally and internationally. Extensive management background in finance, HR, administration, and board work across industries.

Through PersonvernPraktikerne.no and GapSolutions, he helps leaders make GDPR a real competitive advantage – pragmatically, motivationally, and based on trust.

Ingvill Githmark — Privacy Practitioner and Project Manager, PrivacyPractitioners
IG

Ingvill Githmark

Privacy Practitioner & Project Manager
LinkedIn
«No one is expected to do everything, but everyone is expected to do something.»

Privacy practitioner with a background in the advertising industry, customer service, and marketing – including Posten Norge and Nordic Choice Club. PRINCE2 certified project manager.

Helps businesses prioritize the right actions and see privacy as a strategic superpower.

Our Process

The hardest step is realizing that improvement is needed.

01

Identify the need

Analysis of existing knowledge

02

Define goals

Create a plan based on the GAP analysis

03

Knowledge and Tools

Tribal language to simple activities

04

Follow-up

Help as Needed – GDPR is a Journey

What customers say

We are proud of the trust we get

"
We found the privacy practitioners to be organized, knowledgeable, and skilled at explaining complex legal issues in an understandable way.
Irja EliassenProject Manager, VisitOSLO
"
Erik has made the complicated simple and easy to understand in a motivational and confidence-building way. The best investment Teamwork has made in a long time.
Runar HeggenGeneral Manager, Teamwork AS
"
Ingvill has been invaluable with the privacy policy. She provided clear and concrete feedback. Highly recommended!
Heidi Tangeraas DoctorCommercial photographer
"
Getting something that might seem scary explained in a simple and relatable way is incredibly valuable. I highly recommend Personvernpraktikerne.
Cathrine NaglestadFounder, Walk in the Park
"
Privacy is really just common courtesy. With Erik's help, I gained a clearer understanding of how I should think about working with GDPR.
Lars TobiassenGeneral Manager, Council for Wet Zones
"Privacy isn't something you can do once and be done with. GDPR is an ongoing task – just like accounting!"
— Erik Horn, PrivacyPractitioners

Contact

Let's take in speech

You don't need to have all the answers ready. Tell us where the shoe pinches—and we'll figure it out together.

LinkedIn

Erik Horn on LinkedIn

Ingvill Githmark on LinkedIn

📅

Do you want to talk instead?

15 minutes over Teams. No agenda, no sales.

Grab a Teams coffee









    Newsletter

    Stay updated

    Sign up and get the latest articles, GDPR insights, and useful privacy perspectives.