The common contact register (KRR)
The common contact register is a register that enables public entities and businesses undertaking tasks on behalf of public entities to communicate digitally with citizens. The register has its legal basis in the Regulations concerning electronic communication with and within the public administration (eForvaltningsforskriften)  and Clause 6, Parts C and E of the General Data Protection Regulation (GDPR). Difi is the data controller for the register.
The register may, without the consent of the registrant, contain the following data: 
- name and unique personal identifier
- the contact information necessary for electronic communication with a registrant
- information concerning the preferences of a registrant with regard to electronic communication
- information concerning the legal authority of the registrant
- other information that is essential for the administration to be able to manage and process their electronic communications.
Examples of information in the register under point 5 of this list are choice of language and an encryption certificate for a digital mailbox. The purpose of the processing is to facilitate secure and efficient electronic communication from the administration to you as a private individual. The data may be used in connection with the processing and execution of administrative tasks and shall be used for notification pursuant to Section 8, third paragraph of the Regulations concerning electronic communication with and within the public administration (eForvaltningsforskriften), e.g. notification that a decision regarding an individual has been made and sent to the digital mailbox of the registrant. 
The data in the register can be stored for an unlimited period, but inclusion in the register is voluntary. You have the right to modify or delete the data relating to you. You can access and manage
your e-mail address, telephone number, choice of language and preferences via noreg.no. Requests to be deleted from the register can be submitted via a separate form.
Access and changes to the register are logged for administrative and security reasons. The log data will be deleted after six months.
The common contact register can be used by all public entities to exercise public authority. Some public entities their own copy of the common contact register and have entered into data processor agreements with Difi. The copies are kept continuously up-to-date.
- The Norwegian Labour and Welfare Administration (NAV)
- The Norwegian Tax Administration
- The Norwegian State Educational Loan Fund
- Norwegian National Collection Agency
- The Norwegian Armed Forces
- The Norwegian Directorate for Civil Protection (DSB)
- Norwegian Public Roads Administration
Difi uses Evry as the service provider for the common contact register, and a processing agreement between Difi and Evry has been signed.
Digital mailbox for citizens is a common solution that public entities and businesses that carry out tasks on behalf of public entities can use to send mail digitally to citizens. The solution consists of two main components: A message sending service and a digital mailbox.
Message sending services:
It is the individual entity sending the communication that is responsible for the processing of personal data in letters that are sent to a digital mailbox, up until the letter is made available to the citizen in the mailbox. The entity sending the communication is responsible for logging data that is necessary for being able to clarify any error situation and to ascertain when the mail was received by the message sending service and the digital mailbox.
Difi is the data processor for the personal data in letters that the entity sending the communication sends to a citizen's digital mailbox This applies up until the letter is made available to the citizen in the mailbox, and for the log data mentioned above. Logs are kept for a maximum of 24 months after the mail has been delivered to the mailbox provider or an error message has been sent to the entity sending the communication.
Posten AS (Digipost) and e-Boks AS (e-Boks) are the providers of digital mail boxes for citizens. The privacy statement for Digipost can be found here. The privacy statement for e-Boks can be found here.
Requests for access
As a registrant you are entitled to access any personal data about you that exists. As the data controller, Difi is also responsible for obtaining information from those who have a copy of the national contact register. To request access, you must use a separate form that you send to Difi on paper with a signature, or you can visit Difi in Oslo or in Leikanger in person with personal ID. We cannot send the information to you via regular e-mail, but will send it to you via your digital mailbox if you have one, or on paper to your registered address. You are entitled to appeal to the Norwegian Data Protection Authority if you believe you do not get what you are entitled to from Difi.
Contact details for Difi and the Data Protection Officer:
The Agency for Public Management and eGovernment (Difi)
PB 8115 Dep., 0032 Oslo
Visiting address Oslo: Grev Wedels plass 9
Visiting address Leikanger: Skrivarvegen 2
Data Protection Officer:
Questions connected to personal data registered in public digital solutions Difi is responsible for, should be directed to our helpdesk; email@example.com . Our Data Protection Officer will handle other types of questions on data protection: firstname.lastname@example.org
 Regulation 25 June 2006 No. 988 Regulations concerning electronic communication with and within the public administration.
 Section 31 of the Regulations concerning electronic communication with and within the public administration (eForvaltningsforskriften).
 Section 29 of the Regulations concerning electronic communication with and within the public administration (eForvaltningsforskriften)