Data privacy and data protection in Denmark

Bech-Bruun

Bech-Bruun is highly regarded for delivering pragmatic solutions to the complex challenges of data protection regulations. The firm works with a diverse client base, including public bodies, Danish businesses, and international corporations, offering comprehensive expertise in data privacy and protection. With a strong focus on legal tech and GDPR services, the firm also provides expert guidance in cybersecurity incident response management. The practice is led by Mikkel Friis Rossa, who advises prominent domestic and international clients on GDPR compliance, including contesting fines and implementing global data protection programmes. Thomas Munk Rasmussen heads the data protection transaction team, providing essential compliance input throughout all stages of M&A and property transactions. Egil Husum‘s advisory scope spans public authorities and private enterprises, offering invaluable guidance on diverse data protection issues. Emil Brockstedt Marburger excels in cyber incident handling and specialises in data protection for the pharma, biotech, medico and telecoms sectors.

Praxisleiter:

Mikkel Friis Rossa


Weitere Kernanwälte:

Thomas Munk Rasmussen; Egil Husum; Emil Brockstedt Marburger


Referenzen

‘Very diverse team, very skilled and each person is capable of different things. It’s very tailored help.’

‘Important knowledge, always available, great overview and good service. I use Bech-Bruun on cyber claims, they are our first responses in case of a cyber breach.’

‘Whenever we come short in internal expertise within the data privacy and data protection area our first choice is to call Bech-Bruun. Besides having an in-depth understanding of the regulatory area and practices, they have a strong ability to adapt the to specific needs of the client.’

Kernmandanten

Jyske Bank


Tivoli


Pandora


A.P. Møller Holding


IMPACT


NRGi


Arp-Hansen Hotel Group


USTC Group


T. Hansen Group


Kamstrup


Lessor Group


L’Oréal


CNA Hardy Denmark


LEO Pharma


ALK Abelló


One.com


Kereby


AllUnite


The Municipality of Helsingør


Rockwool


Highlight-Mandate


  • Representing Arp-Hansen Group, the largest hotel chain in Denmark, in a landmark GDPR matter on the interpretation of GDPR Art. 5, 1. before the High Court.
  • Representing ILVA A/S in a landmark GDPR matter before the Court of Justice of the European Union concerning the interpretation of Art. 83(4) of the GDPR and particularly the concept of ‘undertaking’ within the GDPR for the purpose of calculating fine levels for violations of the GDPR by data controllers being part of a group of entities.
  • Advising Kamstrup on certification under the Data Privacy Framework (USA) and various GDPR matters such as DPIAs on AI and securing ongoing GDPR compliance in relation to employees, customers and vendors.

Gorrissen Federspiel

Gorrissen Federspiel’s data protection team is highly regarded for handling complex, data-related cases for leading Danish and international organisations across key industry sectors, including renewables, media and entertainment, retail, life sciences, and engineering. The team provides expert advice on data protection, data ethics, cybersecurity, digital transformation, and regulatory matters, excelling at the intersection of technology and law, particularly in IT and digital infrastructure. The practice is co-headed by Tue Goldschmieding, who leads the privacy and cybersecurity practice, advising on large-scale GDPR compliance projects for major corporations, and David Telyas, who assists clients with new product launches, compliance projects, M&A transactions, and regulatory cases. Max Gersvang Sørensen strengthens the team with his expertise in data privacy, crisis management, and handling security breaches for significant multinational companies.

Praxisleiter:

Tue Goldschmieding, David Telyas


Weitere Kernanwälte:

Max Gersvang Sørensen


Referenzen

‘They are good at knowing the risk level of their clients and advise accordingly.’

‘They invest time and resources in getting to know the client in order to give the best advice.’

‘David Telyas has always provided exceptional service. He is very approachable and available on short notice. He and his team deliver during the promised time period.’

Kernmandanten

Aller A/S A.P.


Møller – Maersk A/S


FOSS A/S


Novo Nordisk A/S


Rambøll Group


Schibsted Denmark ApS


Vestas Wind Systems A/S


Kromann Reumert

Kromann Reumert’s data protection team advises on all aspects of GDPR and data handling across sectors, including energy, financial, pharmaceutical, and other highly regulated industries. The team has strengths in AI and cloud migration services, including DPIAs, compliance risk assessments, privacy, and international data transfers. It provides guidance on data processors, security breaches, internal investigations, whistleblowing schemes, and more. The practice is led by Pia Kirstine Voldmester, who brings over two decades of expertise in complex compliance projects, regulatory disputes, and cybercrime incidents. Birgitte Toxværd advises on data protection, from individual processing tasks to large-scale compliance projects. Daiga Grunte-Sonne offers expertise in consent rules, legitimate processing, data use, third-country transfers, and data processing agreements, supporting clients across all industries.

Praxisleiter:

Pia Kirstine Voldmester


Weitere Kernanwälte:

Birgitte Toxværd; Daiga Grunte-Sonne


Referenzen

‘Excellent privacy knowledge and very practical advice.’

‘We appreciate the practical insight and up-to-date knowledge of legislation and case law. We also appreciate the availability and swift interaction when matters need attention. Finally, we appreciate the combination of knowledge of data protection, AI and other financial areas.’

‘Pia Kirstine Voldmester stands out in terms of being practical in her legal guidance and able to deliver a clear message to senior management and Birgitte Toxsværd stands out in terms of her technical knowledge.’

Kernmandanten

The Danish Cancer Society (Kræftens Bekæmpelse)


Deloitte


Demant


DSB – the Danish State Railways


Experian


Food Folk Danmark


ISS World Services


The Danish Organization of General Practitioners (PLO) and the Danish Medical Association (Lægeforeningen)


Synoptik


Taxa 4×35


Telenor


Tryg Forsikring


TV 2 Danmark


Velliv, Pension & Livsforsikring


Accura Advokatpartnerselskab

Accura Advokatpartnerselskab’s dedicated data protection and cybersecurity team has extensive experience in privacy and data protection law, with particular expertise in the health, life sciences, financial, insurance, and employment sectors. The team represents large national and international companies on a wide range of assignments, including full-scale compliance projects, GDPR audits, IT risk mapping, due diligence, and drafting GDPR codes of conduct. They also provide data protection officer services and have developed a risk assessment module and audit scheme. Led by Jens Harkov Hansen, a seasoned professional with over 18 years of experience advising Denmark’s largest businesses, the team is further strengthened by Dan Ermose, who brings over two decades of expertise in IT contracts, outsourcing, and handling data in regulated industries such as finance and insurance.

Praxisleiter:

Jens Harkov Hansen


Weitere Kernanwälte:

Dan Ermose; Rasmus Holm Pedersen


Referenzen

‘What sets Jens Harkov Hansen’s team apart is his deep understanding of both legal frameworks and the technology that underpins data protection legislation.’

‘Jens Harkov Hansen is to the best of my knowledge the absolute most knowledgeable lawyer in the country when it comes to privacy law.’

‘The team is exceptional in their ability to offer practical, tailored solutions that truly address our specific challenges.’

Kernmandanten

GF Forsikring A/S


Fiskars Group


North Risk A/S


Lessor Group A/S


Birch Ejendomme ApS


Undersøgelseskommissionen om SKAT


OK a.m.b.a.


BL boligselsksbernes landsforening


Highlight-Mandate


  • Assisted GF Forsikring A/S with GDPR compliance matters.
  • Assisted Fiskars Group with various data protection matters in relation to outsourcing of IT services.
  • Assisted North Risk A/S with group GDPR compliance matters.

Bird & Bird Advokatpartnerselskab

Bird & Bird Advokatpartnerselskab’s fully specialised data protection and privacy team advises major international corporations, local private clients, and public sector organisations on all aspects of data protection law. With strong international and cross-border capabilities, the team is backed by the firm’s extensive global data protection network. The practice is led by Michael Gorm Madsen, a seasoned data protection lawyer with 25 years of experience advising on some of Denmark’s largest data protection projects. Camilla Bjerning Schack, who heads the team’s DPO service line, supports Madsen on large-scale international compliance projects for Danish and foreign clients.

Praxisleiter:

Michael Gorm Madsen


Weitere Kernanwälte:

Camilla Bjerning Schack


Referenzen

‘The team possesses an in-depth and practical knowledge second to none. Its advice is solidly founded in the law and with a profound understanding of the client’s business and needs.’

‘Michael Gorm Madsen has a sharp eye for advice on a no-nonsense basis always with a focus on the client’s question and with the ability to also detect the surrounding relevant issues that may influence but without inflating the assignment.’

‘Very strong within the field of data protection, GDPR in particular. Strong analytical approach to a legal white paper conducted in an EU project we are part of.’

Kernmandanten

WSAudiology


Danish Centre for AI Innovation A/S


Synsam Group


UNEEG medical A/S


ALK-Abello Nordic A/S


Kombit A/S


NNIT A/S


Milestone Systems A/S


Scalepoint Technologies A/S


Semler Group


Veo Technologies


Data for Good Foundation


LLOYD Copenhagen ApS


Technolution A/S


Danmarks Miljøportal


Det fælleskommunale Databehandlersekretariat


APC Forsikringsmæglerne A/S


Better Energy A/S


Easy Translate A/S


Cookie Information A/S


Tempur + Sealy


E-nettet A/S


Foreningen Lex.dk


Gehl Architects


Cisu Civilsamfund i Udvikling


Bofælleskabet Lykke Marie


Naturstyrelsen


Global Biodiversity Information Facility Secretariat


Highlight-Mandate


  • Advised WSAudiology on privacy aspects in the development and implementation of hearing aid fitting solutions including drafting a privacy impact assessment, developing data processor agreements, privacy notices and assisted in the global implementation.
  • Assisting the Danish Centre for AI Innovation A/S with the drafting of the contractual set up to allow researchers from Denmark’s public and private sectors to gain access to a state-of-the-art supercomputer optimised for large-scale projects using AI.
  • Assisting the Data for Good Foundation to establish a data ecosystem that allows citizens to control their own data and allows public as well as private organisations to perform anonymous analyses of such data.

DLA Piper Denmark

DLA Piper Denmark’s data protection team leverages the firm’s extensive international network to provide expert advice on a wide range of data privacy matters. Covering all sector requirements, the team is particularly noted for its specialist knowledge of biometrics regulation, AI, ChatGPT, and other language models. The practice is led by Marlene Winther Plas, a certified IT attorney specialising in technology-related law and data protection, with extensive experience in compliance projects, data breaches, and cybersecurity. Martin Hjørlund Nielsen strengthens the team with his focus on IT contracts, data protection, cybersecurity, and operational compliance.

Praxisleiter:

Marlene Winther Plas


Weitere Kernanwälte:

Jon Lauritzen; Martin Hjørlund Nielsen


Referenzen

‘It is an effective team where no time is wasted.’

‘Jon Lauritzen is very good at determining need and is nice to have and the same with his team.’

 

Kernmandanten

NIO


Brøndbyernes IF Fodbold A/S


Danish Dental Organisation (Tandlægeforeningen)


People Test Systems A/S


Small Danish Hotels


Kirkens Korshær (DanChurchSocial)


The Velux Foundation


TM Group


BlueKolding


The City of Copenhagen


FlightLogger


Landsbyggefonden (the Danish National Housing Fund)


Sønderborg Forsyning


Skanlog/Skandinavisk Logistik A/S


Divisionsforeningen (the Danish Football League)


Highlight-Mandate


  • Assisting NIO in its first wave process of entering into and operating on the European market, advising on many different aspects of Danish data protection law.
  • Assisting the City of Copenhagen in connection with the development of various AI-based services aimed at improving efficiency and quality of documentation for the treatment of citizens with reduced functional capacity.
  • Assisting a private dentist and the Danish Dental Association in a High Court case regarding GDPR brought by HK (a labour union) regarding non-material damages.

Poul Schmith

Poul Schmith continues to handle some of Denmark’s largest privacy projects, advising major private-sector corporates and numerous government entities on the full spectrum of data protection matters. The firm is a go-to advisor for government bodies seeking expertise on complex data privacy issues of public importance and is regularly engaged in projects aimed at enhancing Denmark’s digital public infrastructure. The team is led by Jakob Kamby, who specialises in compliance and AI projects and digitalisation-ready legislation. Martin Sønnersgaard offers expertise in data protection and AI for both private and public clients. Kirsten Marie Donato brings significant experience assisting corporations and governmental entities with complex digitisation projects and cross-border matters.

Praxisleiter:

Jakob Kamby


Weitere Kernanwälte:

Martin Sønnersgaard; Kirsten Marie Donato


Referenzen

‘The combined understanding of GDPR and IT was an asset when working in the cross-space between the legal aspects of IT and the technical.’

‘The team showed a high degree of insight into the legal framework concerning GDPR and AI.’

‘First class service. Practical solutions where most lawyers provide vagueness and best guesses.’

Kernmandanten

The Danish Agency for Digital Government


The Capital Region of Denmark


The Danish Agency for Data Supply and Infrastructure


The Danish Building and Property Agency


PFA Ejendomme A/S


The Danish Prime Minister’s Office


Flicker Factory


Highlight-Mandate


  • Assisting the Danish Agency for Digital Government in providing, maintaining and further developing a new national digital post solution (called Digital Post) for public authorities to communicate securely and digitally with citizens and businesses and vice versa.
  • Assisted the Capital Region of Denmark in one of the biggest research projects in Danish history, since September 2023 with data protection legal compliance, including the preparation of a data protection impact assessment, in the research project PHAIR.
  • Assisting the Danish Agency for Data Supply and Infrastructure in providing a new data distribution platform (called Den Fællesoffentlige Datafordeler) for the distribution of fundamental register data from several public authorities via one platform.

Bruun & Hjejle

Bruun & Hjejle’s data protection team focuses on high-end, complex data privacy matters, covering all aspects of compliance, from large-scale GDPR projects to day-to-day issues. The team also provides specialised advice on data protection in M&A transactions, led by Anna de Vos-Zehngraff, a GDPR expert with extensive experience in compliance projects, M&A, and cases before the Danish Data Protection Agency.

Praxisleiter:

Anna de Vos-Zehngraff


Referenzen

‘Highly professional team who acts quickly on customers’ requests for assistance. Skilled people with deep expertise in data privacy and data protection combined with great commercial insight and a pragmatic approach. The team offers clients practical, fit-for-purpose legal and compliance counsel and is keenly focused on client service.’

‘Anna de Vos-Zehngraff is highly dedicated and always provides solution-oriented, professional and valuable insights. She has the most kind and client-centric approach always taking the time to truly understand the needs and challenges of her clients. She excels in explaining complex legal issues in a clear and understandable manner, focusing on what is relevant for our business.’

‘Anna de Vos-Zehngraff stands out as very pragmatic and very knowledgeable.’

Kernmandanten

TV2 Danmark A/S


Danske Bank A/S


Berlingske Media A/S


Auditdata A/S


Nordea Danmark, Filial af Nordea Bank Abp, Finland


G.S.V. Materieludlejning A/S


Den Blå Planet


Kirk Kapital A/S


Copenhagen Infrastructure Partners P/S


Copenhagen Infrastructure Service Company ApS


Alm. Brand Group A/S


International Woodland Company A/S


PFA Pension, Forsikringsaktieselskab


Veo Technologies ApS


Telenor A/S


Copenhagen Fintech


Secomea A/S


Autorola A/S


Kirk Kapital A/S


Lavazza Denmark ApS


G.S.V. Materieludlejning A/S


UNICEF Danmark


PKA


DAHL Law Firm

DAHL Law Firm combines deep expertise in data protection and privacy with substantial industry knowledge, delivering tailored advice through specialised sub-teams. The firm advises a wide range of significant companies and organisations on complex privacy and data protection matters. The department is led by Frederik Bruhn, and supported by the head of the team, Tim Krarup Nielsen, who focuses on IT, tech, and research organisations. Mads Nygaard Madsen, with 25 years of experience, advises on compliance programs and data breaches. Frans Skovholm specialises in data protection, ISMS, and ESG, while Søren Wolder focuses on whistleblower schemes and cloud platform data processing.

Praxisleiter:

Frederik Bruhn; Tim Krarup Nielsen


Weitere Kernanwälte:

Mads Nygaard Madsen; Søren Wolder; Frans Skovholm


Referenzen

‘It was an excellent advisory service and they provided very good communication of what I needed and expected.’

‘Mads Nygaard Madsen offers thorough, high-quality and spot-on legal advice while being very flexible with our business´ often tight deadlines.’

‘Good understanding of our association. Very competent advice and guidance.’

Kernmandanten

DXC Technology


EG A/S


Fødevareforbundet NNF


The Danish Cancer Society


Umbraco A/S


Dantherm Group A/S


ISTA Denmark A/S


Zealand University Hospital


Highlight-Mandate


  • Assisted the Danish Cancer Society with its participation in international cancer research under the International Agency for Cancer Research, an organisation under the United Nations.
  • Assisted the Danish Cancer Society and its researchers in ensuring legal compliance with GDPR in its research projects.
  • Advises ISTA Danmark A/S with GDPR-related questions.

Lund Elmer Sandager

Lund Elmer Sandager’s data protection practice team has extensive experience advising a diverse client base, from large corporations to SMEs and foreign corporate groups operating in Denmark. The team collaborates closely with other departments, such as employment law, to address GDPR-related issues, including HR data privacy. Covering all aspects of data protection, the team negotiates, advises, and prepares legal documentation, manages compliance projects, and serves as DPO for several companies, handling supervision and dispute cases. Led by Torsten Hylleberg, a certified IT attorney and seasoned GDPR expert, the practice has successfully managed numerous high-profile GDPR projects.

Praxisleiter:

Torsten Hylleberg


Referenzen

‘Torsten Hylleberg provides a quick response, is good at sparring and advice at eye level. We use him as our contact person for the law firm and he is very good at involving the right professional groups from them.’

‘Objective, to the point and highly professional.’

‘In the frame of an AI-related project, they have the IT base necessary to support understanding of data and how it ties contractual and compliance together.’

Kernmandanten

Flair Group


Bagu IT


De 5 stjerner A/S


Arthur Hotels Group


Djøf


Justface A/S


Autobranchen Danmark


Toyota Danmark A/S


Toyota Financial Services A/S


FREJA Transport & Logistics A/S


Nextway Softway A/S


Momentum Energy Group A/S


Milestone Systems A/S


Delta Galil Inc.


Viggo Energy


Egmont publishing


Bikekey ApS


DanOffice IT ApS


ParkDepot


WorldManuals ApS.


Nordico Supply A/S


Nymølle Stenindustrier A/S


SIRIUS advokater

SIRIUS advokater advises Danish clients, including public institutions, privately owned companies, trade unions, and foundations, on compliance matters spanning GDPR, network security, financial regulation, and competition law. The team provides tailored advice on governance structures and practical solutions to specific compliance challenges. Led by Kira Kolby Christensen, the team leverages her experience from the Danish Data Protection Agency and the Danish Supreme Court. She assists clients with GDPR compliance, governance structures, and due diligence in M&A transactions.

Praxisleiter:

Kira Kolby Christensen


Referenzen

‘It is a strength that SIRIUS has a great insight into new trends and new technologies and the law that regulates this. It is also a strength that the team has a very high degree of understanding of how law can be implemented in practice in the company.’

‘It is a strength that Kira Kolby Christensen knows about the organisation’s tasks, conditions and challenges and quickly can find constructive solutions to them. It is also a strength that Christensen is a good mediator, even for customers who do not have a legal background.’

‘The practice is good at putting the issues in the context of the business as a whole and understanding wider implications of legal decision-making in the area of data protection. It was clear that the partners had good communication with each other, which supported this element. Availability is always good, and partners took calls during busy and/or holiday periods and accommodated our tight timeframes.’

Kernmandanten

Fagligt Fælles Forbund


Lægeforeningen


Investment Funds for Developing Countries


Forsikringsforbundet


BDO Statsautoriseret Revisionsaktieselskab


EasyMe ApS


INPAY A/S


Highlight-Mandate


  • Assisted EasyMe ApS in applying for permission as a payment service, including getting all the necessary documentation in place for the application.
  • Assisted Inpay A/S in getting their GDPR government structure in place, particularly in determining whether some payment systems qualify as Payment Service Providers or as Technical Service Providers.
  • Assisted Lægeforeningen with clarifying the organisation’s actual data storage setup against the organisation’s need for continued data storage in light of GDPR Arts. 5, 6 and 9.

Skau Reipurth

Skau Reipurth’s data protection team specialises in advising associations, unions, and non-corporate entities on compliance matters without disrupting operations. The team has completed comprehensive risk analyses and compliance setups for medium to large associations and is led by Mette Vestergaard Huss, known for her expertise in navigating the complexities of NGOs, workers’ unions, and volunteer or political organisations.

Praxisleiter:

Mette Vestergaard Huss


Weitere Kernanwälte:

Louise Letman; Christine Børglum Sørensen


Kernmandanten

DM


Pack Tech ApS


Pharmadanmark


Femern Link Contractors


Konica Minolta


Styrk.app ApS


De Danske Bilimportører


Ejendom Danmark


Georg Jensen A/S


Resea Projects ApS


B Cool A/S


Dyrenes Beskyttelse


ProIndats


Ase Lønmodtager


Arbejdsløshedskassen Ase


ConturaLuxplus ApS


Initiate ApS


WebItAll ApS


Kemp & Lauritzen A/S


Den Danske Skovforening


B Cool A/S


Renell A/S


Det Danske Spejderkorps


Highlight-Mandate


  • Advised the trade union DM on the merger with several trade unions during 2022 and 2023 and continues into 2024 especially with a focus on GDPR and compliance in the decision phase, the pre-merger phase and the post-merger phase.
  • Advised Luxplus to optimise and ensure even better compliance with GDPR and marketing regulations.
  • Advised several trade unions in connection with Audits from the Danish Data Protection Agency on the use of AI.