BB hero 6

Data protection law is growing still more complex and is constantly challenged by digital development. The area involves significant possibilities for development of new and optimisation of existing business areas through increased utilisation of personal data. However, if an organisation does not comply with the rules, it may have serious consequences in the form of large fines, loss of goodwill and market value, claims for damages as well as leaks and abuse of personal data.

The GDPR took effect on 25 May 2018. According to the GDPR, all public and private organisations are now subject to stricter statutory requirements in connection with the processing of personal data. The focus on lawful processing of personal data has increased. Organisations have introduced procedures and changed work processes in order to ensure ongoing compliance, including for instance in relation to data processors, documentation requirements and reduction of risk. Data controllers as well as data processors are subject to the strict statutory requirements, and merely collecting for instance a person's name, an email address or a telephone number will activate the rules.

We can help
Our advisory services focus on practical solutions. Our clients are Danish enterprises, international corporations with head offices or subsidiaries in Denmark, and public authorities. We have vast experience advising clients on the interaction between data protection law and special legislation, including financial, health and marketing legislation. We adapt our advisory services to the organisation's strategy and commercial reality – regardless whether it is a small enterprise, a C25 enterprise or a public authority. Over the past years we have assisted more than 300 organisations with data protection compliance, including the implementation of GDPR.

Our advisory services include:

  • Data protection strategy, including data protection compliance programmes
  • Mapping of personal data
  • Gap analyses
  • International data transmissions, including BCR
  • Security breach
  • Outsourcing
  • DPO Services
  • Processing of employee information
  • Data protection for marketing purposes
  • Use of customer information and cookies
  • Data protection law, due diligence procedures and business transfer
  • Data protection compliance audit
  • Data processor agreements and control of data processors
  • Data Protection Agency permits
  • Apps, AI, big data, etc.

Cloud computing.We can help ensure that you comply with legislation, for instance by offering a data protection pre-analysis or an audit examining whether the measures already implemented are sufficient and are observed by the organisation. We assess the risks and make the necessary operational implementation recommendations ("closing of gaps"). 

We also offer DPO training for organisations that are obligated to or voluntarily appoint a DPO. This training is also useful for organisations that are not required to have a DPO but want one of the most in-depth data protection courses on the market.

For many organisations, data protection compliance begins with establishing an overview of the type of personal data the organisation processes, i.e. mapping of personal data. As the only law firm in Denmark, we offer our own IT support for this process. With PACTIUS Privacy we offer our clients a convenient, easily accessible and price-competitive management tool for the challenges presented by practical compliance documentation. PACTIUS Privacy may be applied in the drafting of the statutory list of processing activities, storage of data processor agreements and overview of risks facing the organisation.

When required to ensure optimal advisory services, we cooperate with our experts in the areas of, for instance, Compliance, Real Estate & Construction, EU & Competition, Labour and Employment Law, Pension, Insurance. 

Data Protection

Data Privacy and Protection

Ranking: tier 1

Bech-Bruun's expertise spans data compliance programmes and audits, gap analyses, international data transfers, cybersecurity incidents, outsourcing mandates, Data Protection Agency (DPA) notifications and data litigation. In 2019, the firm launched its DPA Service, a digital solution which facilitates clients’ compliance with GDPR requirements in relation to auditing data processors. Clients praise the department for its 'combination of traditional counsel in conjunction with an actual privacy tech tool, which saves a lot of time on the actual implementation of compliance'. Mikkel Friis Rossa heads up the practice, which also includes Susanne Stougaard, who handles vendor and buy-side due diligence work.

‘Striking a good balance between academics and pragmatism, the team seamlessly engages with our business.’

‘The team is very focused and dedicated – you can reach them at all times and it is the same few, but very capable persons. They have a strong and good knowledge of the law and the client – which is a unique combination.’

‘The combination of traditional counsel in conjunction with offering an actual privacy tech tool saves a lot of time on the actual implementation of compliance.’

‘They are very innovative and have developed good technological solutions for controlling and complying with GDPR rules.’

Legal 500, Data Privacy and Protection


Let us call you

If you would like us to call you, please contact us via email here