In all cases, the relationship between UiO as data controller and the external data supplier, the data processor, shall be regulated in a data processor agreement. This is regulated by The Personal Data Act section 13, cf. section 15.
An external data supplier, the data processor, cannot process the personal data of employees, students, guest researchers, guests or respondents/informants at UiO in a manner other than what is agreed in writing