Data Protection and GDPR
We have a market leading team of experts, providing strategic and business-oriented consulting on privacy-related matters.
Our privacy team offers comprehensive assistance to companies across various industries and the public sector on all issues related to the use and protection of personal data and other business-critical data.
Our team comprises of lawyers with professional expertise in privacy, digitization, and IT/information security, and they are equipped to assist businesses with all types of privacy concerns, including electronic marketing and e-administration. We help businesses to identify and ensure compliance with General Data Protection Regulation (GDPR) and other privacy regulations. Our lawyers actively participate in relevant professional and industry forums, keeping abreast of current trends, and have extensive experience dealing with authorities, including matters involving the Data Protection Authority.
Our privacy experts provide advice related to compliance, business development, and the handling of security incidents. We assist with entering into all types of agreements concerning data sharing and use, including data processing agreements, agreements on the transfer of personal data to third countries and on the use of cloud services. We also advise on matters relating to privacy in the workplace, notification and investigation, and technology transactions. Our team works closely with other professional groups within the firm to ensure that our clients receive comprehensive assistance that covers all interconnected areas of their business operations.
- Compliance: We provide advice related to ensuring and documenting compliance with data protection legislation, preparing various types of GDPR documentation, determining roles and responsibilities, and implementing training measures to ensure ongoing compliance. We assist with both comprehensive, global GDPR compliance projects, preparing/implementing the Binding Corporate Rules (BCR)/UK BCR as a transfer basis, and conducting Data Protection Impact Assessments (DPIA). We also provide consultancy services related to privacy when implementing various forms of IDD/screening activities and all types of matters with the Norwegian Data Protection Authority, including local supervision and decisions/complaints.
- Business development: We offer consulting services in the development and introduction of new digital products and services, with commercial and strategic consulting where the business model is based on the use of personal data, such as the health or finance sector. It is crucial to identify the scope for action and ensure that applicable regulations are taken into account as early as possible in a development process to ensure the achievement of secure business development.
- Agreements and use of cloud services: We provide assistance with entering into data processing agreements, transfer agreements and the implementation of Transfer Impact Assessment (TIA) related to the availability of personal data outside the EU/EEA. We also assist clients with entering into agreements on joint data responsibility or the disclosure/distribution of data in connection with commercial collaboration.
- Personal data protection in the workplace (control measures): We offer advice related to the introduction of various digital tools that lead to a form of control and monitoring of employees and access to employee e-mail accounts. We also advise on privacy related issues when implementing notification and investigation.
- Information security: We assist with the formulation of requirements for proportionate information security and solutions for authentication (electronic ID), identity management, and the use of encryption.
- Security incidents: We provide assistance with handling breaches of personal data security, assessing risk, and notifying the Data Inspectorate and affected individuals. We also offer advice related to a more holistic handling of such events, including assessing various legal issues that arise in the wake of such matters.
Read our articles on Data Protection and GDPR
All companies face the risk of cyber-attacks. In general, the question is when and not if an attack will strike. Companies should therefore strengthen their cyber resilience and implement robust measures to be prepared to handle all aspects of an attack if/when it occurs.
The EU’s Artificial Intelligence (AI) Act marks a global first, introducing rules for the use and provision of AI systems. At the heart is a commitment to fostering trust in AI to unlock and maximise the vast social and economic possibilities offered by these technologies.
As of today, the British decision to approve transfers to the USA comes into effect. This means that transfers to the USA are now legally permissible from both the United Kingdom and the European Union. The decisions currently in place likely also mean that further transfers from the USA can be accepted - these are known as onward transfers.