Data Protection & Privacy

Brass padlock on brown medal fence.

Do you have questions related to data protection & privacy? Contact us to hear more about your options.

Today's almost limitless digital possibilities enable companies to collect, store, use and share vast amounts of information about individuals. Most businesses handle personal data in a manner that requires internal procedures, agreements, routines and website policies. Further, companies are increasingly exchanging data with foreign companies, either as suppliers or as customers, in a corporate relationship, or in connection with transactions. Such data exchange is often subject to specific data protection rules on cross-border transfer of personal data.

Our data protection experts advise businesses on the legal developments within the areas of privacy law and cybersecurity. We advise clients on data protection compliance and issues related to the EU's General Data Protection Regulation (GDPR). We provide advice and follow-up assistance when companies experience cybersecurity attacks or other data breach incidents. We assist in developing and putting in place robust control and security routines, consent mechanisms, privacy policies, intra group agreements and Codes of Conduct. We consider reporting duties as well as applications and requirements for data protection officers (DPO). Furthermore, we provide advice on all forms of dialogue and disputes with the authorities, hereunder the Privacy Appeals Boards. We have extensive experience with cross-border transfer of personal data, both within corporations and in connection with outsourcing and cloud services, including drafting of transfer impact assessments and compliance with the EU-US Data Privacy Framework. We assist with data processing agreements based on EU Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCR).

Our services include:

  • Compliance with applicable data protection and privacy laws

  • Cross-border transfers of personal data (Schrems II, EU's SCC, and BCR, etc.)

  • Cloud computing, outsourcing and use of sub-processors

  • Risk assessments including data protection impact assessments (DPIA) and transfer impact assessments (TIA)

  • Data processing agreements

  • Privacy policies and cookie notices

  • Acting as external data protection officer (DPO)

  • Licenses from and notifications to the authorities

  • Consent mechanisms

  • Customer loyalty programs

  • Workplace privacy, monitoring, and background checks

  • Employee guidelines for use of smartphones, e-mail, and social media

  • Support during and after cybersecurity attacks and other data breach incidents

  • Internal policies regarding data protection and cybersecurity

  • Access to email, chain of custody and eDiscovery

  • GDPR awareness and training sessions

  • Online marketing, behavioral advertising, and retargeting

  • Support before, during, and after inspections by data protection authorities

  • Whistleblowing and internal reporting

  • Advice on rollout of new technology and applications (Privacy by Design)

  • GDPR within Fintech, Biotech, Proptech, Adtech, Medtech, Retail, Insurtech, Edtech and Cleantech/Greentech