Bech-Bruun is highly regarded for delivering pragmatic solutions to the complex challenges of data protection regulations. The firm works with a diverse client base, including public bodies, Danish businesses, and international corporations, offering comprehensive expertise in data privacy and protection. With a strong focus on legal tech and GDPR services, the firm also provides expert guidance in cybersecurity incident response management. The practice is led by Mikkel Friis Rossa, who advises prominent domestic and international clients on GDPR compliance, including contesting fines and implementing global data protection programmes. Thomas Munk Rasmussen heads the data protection transaction team, providing essential compliance input throughout all stages of M&A and property transactions. Egil Husum‘s advisory scope spans public authorities and private enterprises, offering invaluable guidance on diverse data protection issues. Emil Brockstedt Marburger excels in cyber incident handling and specialises in data protection for the pharma, biotech, medico and telecoms sectors.
Data privacy and data protection in Denmark
Bech-Bruun
Praxisleiter:
Mikkel Friis Rossa
Weitere Kernanwälte:
Thomas Munk Rasmussen; Egil Husum; Emil Brockstedt Marburger
Referenzen
‘Very diverse team, very skilled and each person is capable of different things. It’s very tailored help.’
‘Important knowledge, always available, great overview and good service. I use Bech-Bruun on cyber claims, they are our first responses in case of a cyber breach.’
‘Whenever we come short in internal expertise within the data privacy and data protection area our first choice is to call Bech-Bruun. Besides having an in-depth understanding of the regulatory area and practices, they have a strong ability to adapt the to specific needs of the client.’
Kernmandanten
Jyske Bank
Tivoli
Pandora
A.P. Møller Holding
IMPACT
NRGi
Arp-Hansen Hotel Group
USTC Group
T. Hansen Group
Kamstrup
Lessor Group
L’Oréal
CNA Hardy Denmark
LEO Pharma
ALK Abelló
One.com
Kereby
AllUnite
The Municipality of Helsingør
Rockwool
Highlight-Mandate
- Representing Arp-Hansen Group, the largest hotel chain in Denmark, in a landmark GDPR matter on the interpretation of GDPR Art. 5, 1. before the High Court.
- Representing ILVA A/S in a landmark GDPR matter before the Court of Justice of the European Union concerning the interpretation of Art. 83(4) of the GDPR and particularly the concept of ‘undertaking’ within the GDPR for the purpose of calculating fine levels for violations of the GDPR by data controllers being part of a group of entities.
- Advising Kamstrup on certification under the Data Privacy Framework (USA) and various GDPR matters such as DPIAs on AI and securing ongoing GDPR compliance in relation to employees, customers and vendors.
Gorrissen Federspiel
Gorrissen Federspiel’s data protection team is highly regarded for handling complex, data-related cases for leading Danish and international organisations across key industry sectors, including renewables, media and entertainment, retail, life sciences, and engineering. The team provides expert advice on data protection, data ethics, cybersecurity, digital transformation, and regulatory matters, excelling at the intersection of technology and law, particularly in IT and digital infrastructure. The practice is co-headed by Tue Goldschmieding, who leads the privacy and cybersecurity practice, advising on large-scale GDPR compliance projects for major corporations, and David Telyas, who assists clients with new product launches, compliance projects, M&A transactions, and regulatory cases. Max Gersvang Sørensen strengthens the team with his expertise in data privacy, crisis management, and handling security breaches for significant multinational companies.
Praxisleiter:
Tue Goldschmieding, David Telyas
Weitere Kernanwälte:
Max Gersvang Sørensen
Referenzen
‘They are good at knowing the risk level of their clients and advise accordingly.’
‘They invest time and resources in getting to know the client in order to give the best advice.’
‘David Telyas has always provided exceptional service. He is very approachable and available on short notice. He and his team deliver during the promised time period.’
Kernmandanten
Aller A/S A.P.
Møller – Maersk A/S
FOSS A/S
Novo Nordisk A/S
Rambøll Group
Schibsted Denmark ApS
Vestas Wind Systems A/S
Kromann Reumert
Kromann Reumert’s data protection team advises on all aspects of GDPR and data handling across sectors, including energy, financial, pharmaceutical, and other highly regulated industries. The team has strengths in AI and cloud migration services, including DPIAs, compliance risk assessments, privacy, and international data transfers. It provides guidance on data processors, security breaches, internal investigations, whistleblowing schemes, and more. The practice is led by Pia Kirstine Voldmester, who brings over two decades of expertise in complex compliance projects, regulatory disputes, and cybercrime incidents. Birgitte Toxværd advises on data protection, from individual processing tasks to large-scale compliance projects. Daiga Grunte-Sonne offers expertise in consent rules, legitimate processing, data use, third-country transfers, and data processing agreements, supporting clients across all industries.
Praxisleiter:
Pia Kirstine Voldmester
Weitere Kernanwälte:
Birgitte Toxværd; Daiga Grunte-Sonne
Referenzen
‘Excellent privacy knowledge and very practical advice.’
‘We appreciate the practical insight and up-to-date knowledge of legislation and case law. We also appreciate the availability and swift interaction when matters need attention. Finally, we appreciate the combination of knowledge of data protection, AI and other financial areas.’
‘Pia Kirstine Voldmester stands out in terms of being practical in her legal guidance and able to deliver a clear message to senior management and Birgitte Toxsværd stands out in terms of her technical knowledge.’
Kernmandanten
The Danish Cancer Society (Kræftens Bekæmpelse)
Deloitte
Demant
DSB – the Danish State Railways
Experian
Food Folk Danmark
ISS World Services
The Danish Organization of General Practitioners (PLO) and the Danish Medical Association (Lægeforeningen)
Synoptik
Taxa 4×35
Telenor
Tryg Forsikring
TV 2 Danmark
Velliv, Pension & Livsforsikring
Accura Advokatpartnerselskab
Accura Advokatpartnerselskab’s dedicated data protection and cybersecurity team has extensive experience in privacy and data protection law, with particular expertise in the health, life sciences, financial, insurance, and employment sectors. The team represents large national and international companies on a wide range of assignments, including full-scale compliance projects, GDPR audits, IT risk mapping, due diligence, and drafting GDPR codes of conduct. They also provide data protection officer services and have developed a risk assessment module and audit scheme. Led by Jens Harkov Hansen, a seasoned professional with over 18 years of experience advising Denmark’s largest businesses, the team is further strengthened by Dan Ermose, who brings over two decades of expertise in IT contracts, outsourcing, and handling data in regulated industries such as finance and insurance.
Praxisleiter:
Jens Harkov Hansen
Weitere Kernanwälte:
Dan Ermose; Rasmus Holm Pedersen
Referenzen
‘What sets Jens Harkov Hansen’s team apart is his deep understanding of both legal frameworks and the technology that underpins data protection legislation.’
‘Jens Harkov Hansen is to the best of my knowledge the absolute most knowledgeable lawyer in the country when it comes to privacy law.’
‘The team is exceptional in their ability to offer practical, tailored solutions that truly address our specific challenges.’
Kernmandanten
GF Forsikring A/S
Fiskars Group
North Risk A/S
Lessor Group A/S
Birch Ejendomme ApS
Undersøgelseskommissionen om SKAT
OK a.m.b.a.
BL boligselsksbernes landsforening
Highlight-Mandate
- Assisted GF Forsikring A/S with GDPR compliance matters.
- Assisted Fiskars Group with various data protection matters in relation to outsourcing of IT services.
- Assisted North Risk A/S with group GDPR compliance matters.
Bird & Bird Advokatpartnerselskab
Bird & Bird Advokatpartnerselskab’s fully specialised data protection and privacy team advises major international corporations, local private clients, and public sector organisations on all aspects of data protection law. With strong international and cross-border capabilities, the team is backed by the firm’s extensive global data protection network. The practice is led by Michael Gorm Madsen, a seasoned data protection lawyer with 25 years of experience advising on some of Denmark’s largest data protection projects. Camilla Bjerning Schack, who heads the team’s DPO service line, supports Madsen on large-scale international compliance projects for Danish and foreign clients.
Praxisleiter:
Michael Gorm Madsen
Weitere Kernanwälte:
Camilla Bjerning Schack
Referenzen
‘The team possesses an in-depth and practical knowledge second to none. Its advice is solidly founded in the law and with a profound understanding of the client’s business and needs.’
‘Michael Gorm Madsen has a sharp eye for advice on a no-nonsense basis always with a focus on the client’s question and with the ability to also detect the surrounding relevant issues that may influence but without inflating the assignment.’
‘Very strong within the field of data protection, GDPR in particular. Strong analytical approach to a legal white paper conducted in an EU project we are part of.’
Kernmandanten
WSAudiology
Danish Centre for AI Innovation A/S
Synsam Group
UNEEG medical A/S
ALK-Abello Nordic A/S
Kombit A/S
NNIT A/S
Milestone Systems A/S
Scalepoint Technologies A/S
Semler Group
Veo Technologies
Data for Good Foundation
LLOYD Copenhagen ApS
Technolution A/S
Danmarks Miljøportal
Det fælleskommunale Databehandlersekretariat
APC Forsikringsmæglerne A/S
Better Energy A/S
Easy Translate A/S
Cookie Information A/S
Tempur + Sealy
E-nettet A/S
Foreningen Lex.dk
Gehl Architects
Cisu Civilsamfund i Udvikling
Bofælleskabet Lykke Marie
Naturstyrelsen
Global Biodiversity Information Facility Secretariat
Highlight-Mandate
- Advised WSAudiology on privacy aspects in the development and implementation of hearing aid fitting solutions including drafting a privacy impact assessment, developing data processor agreements, privacy notices and assisted in the global implementation.
- Assisting the Danish Centre for AI Innovation A/S with the drafting of the contractual set up to allow researchers from Denmark’s public and private sectors to gain access to a state-of-the-art supercomputer optimised for large-scale projects using AI.
- Assisting the Data for Good Foundation to establish a data ecosystem that allows citizens to control their own data and allows public as well as private organisations to perform anonymous analyses of such data.
DLA Piper Denmark
DLA Piper Denmark’s data protection team leverages the firm’s extensive international network to provide expert advice on a wide range of data privacy matters. Covering all sector requirements, the team is particularly noted for its specialist knowledge of biometrics regulation, AI, ChatGPT, and other language models. The practice is led by Marlene Winther Plas, a certified IT attorney specialising in technology-related law and data protection, with extensive experience in compliance projects, data breaches, and cybersecurity. Martin Hjørlund Nielsen strengthens the team with his focus on IT contracts, data protection, cybersecurity, and operational compliance.
Praxisleiter:
Marlene Winther Plas
Weitere Kernanwälte:
Jon Lauritzen; Martin Hjørlund Nielsen
Referenzen
‘It is an effective team where no time is wasted.’
‘Jon Lauritzen is very good at determining need and is nice to have and the same with his team.’
Kernmandanten
NIO
Brøndbyernes IF Fodbold A/S
Danish Dental Organisation (Tandlægeforeningen)
People Test Systems A/S
Small Danish Hotels
Kirkens Korshær (DanChurchSocial)
The Velux Foundation
TM Group
BlueKolding
The City of Copenhagen
FlightLogger
Landsbyggefonden (the Danish National Housing Fund)
Sønderborg Forsyning
Skanlog/Skandinavisk Logistik A/S
Divisionsforeningen (the Danish Football League)
Highlight-Mandate
- Assisting NIO in its first wave process of entering into and operating on the European market, advising on many different aspects of Danish data protection law.
- Assisting the City of Copenhagen in connection with the development of various AI-based services aimed at improving efficiency and quality of documentation for the treatment of citizens with reduced functional capacity.
- Assisting a private dentist and the Danish Dental Association in a High Court case regarding GDPR brought by HK (a labour union) regarding non-material damages.
Poul Schmith
Poul Schmith continues to handle some of Denmark’s largest privacy projects, advising major private-sector corporates and numerous government entities on the full spectrum of data protection matters. The firm is a go-to advisor for government bodies seeking expertise on complex data privacy issues of public importance and is regularly engaged in projects aimed at enhancing Denmark’s digital public infrastructure. The team is led by Jakob Kamby, who specialises in compliance and AI projects and digitalisation-ready legislation. Martin Sønnersgaard offers expertise in data protection and AI for both private and public clients. Kirsten Marie Donato brings significant experience assisting corporations and governmental entities with complex digitisation projects and cross-border matters.
Praxisleiter:
Jakob Kamby
Weitere Kernanwälte:
Martin Sønnersgaard; Kirsten Marie Donato
Referenzen
‘The combined understanding of GDPR and IT was an asset when working in the cross-space between the legal aspects of IT and the technical.’
‘The team showed a high degree of insight into the legal framework concerning GDPR and AI.’
‘First class service. Practical solutions where most lawyers provide vagueness and best guesses.’
Kernmandanten
The Danish Agency for Digital Government
The Capital Region of Denmark
The Danish Agency for Data Supply and Infrastructure
The Danish Building and Property Agency
PFA Ejendomme A/S
The Danish Prime Minister’s Office
Flicker Factory
Highlight-Mandate
- Assisting the Danish Agency for Digital Government in providing, maintaining and further developing a new national digital post solution (called Digital Post) for public authorities to communicate securely and digitally with citizens and businesses and vice versa.
- Assisted the Capital Region of Denmark in one of the biggest research projects in Danish history, since September 2023 with data protection legal compliance, including the preparation of a data protection impact assessment, in the research project PHAIR.
- Assisting the Danish Agency for Data Supply and Infrastructure in providing a new data distribution platform (called Den Fællesoffentlige Datafordeler) for the distribution of fundamental register data from several public authorities via one platform.
Bruun & Hjejle
Bruun & Hjejle’s data protection team focuses on high-end, complex data privacy matters, covering all aspects of compliance, from large-scale GDPR projects to day-to-day issues. The team also provides specialised advice on data protection in M&A transactions, led by Anna de Vos-Zehngraff, a GDPR expert with extensive experience in compliance projects, M&A, and cases before the Danish Data Protection Agency.
Praxisleiter:
Anna de Vos-Zehngraff
Referenzen
‘Highly professional team who acts quickly on customers’ requests for assistance. Skilled people with deep expertise in data privacy and data protection combined with great commercial insight and a pragmatic approach. The team offers clients practical, fit-for-purpose legal and compliance counsel and is keenly focused on client service.’
‘Anna de Vos-Zehngraff is highly dedicated and always provides solution-oriented, professional and valuable insights. She has the most kind and client-centric approach always taking the time to truly understand the needs and challenges of her clients. She excels in explaining complex legal issues in a clear and understandable manner, focusing on what is relevant for our business.’
‘Anna de Vos-Zehngraff stands out as very pragmatic and very knowledgeable.’
Kernmandanten
TV2 Danmark A/S
Danske Bank A/S
Berlingske Media A/S
Auditdata A/S
Nordea Danmark, Filial af Nordea Bank Abp, Finland
G.S.V. Materieludlejning A/S
Den Blå Planet
Kirk Kapital A/S
Copenhagen Infrastructure Partners P/S
Copenhagen Infrastructure Service Company ApS
Alm. Brand Group A/S
International Woodland Company A/S
PFA Pension, Forsikringsaktieselskab
Veo Technologies ApS
Telenor A/S
Copenhagen Fintech
Secomea A/S
Autorola A/S
Kirk Kapital A/S
Lavazza Denmark ApS
G.S.V. Materieludlejning A/S
UNICEF Danmark
PKA
DAHL Law Firm
DAHL Law Firm combines deep expertise in data protection and privacy with substantial industry knowledge, delivering tailored advice through specialised sub-teams. The firm advises a wide range of significant companies and organisations on complex privacy and data protection matters. The department is led by Frederik Bruhn, and supported by the head of the team, Tim Krarup Nielsen, who focuses on IT, tech, and research organisations. Mads Nygaard Madsen, with 25 years of experience, advises on compliance programs and data breaches. Frans Skovholm specialises in data protection, ISMS, and ESG, while Søren Wolder focuses on whistleblower schemes and cloud platform data processing.
Praxisleiter:
Frederik Bruhn; Tim Krarup Nielsen
Weitere Kernanwälte:
Mads Nygaard Madsen; Søren Wolder; Frans Skovholm
Referenzen
‘It was an excellent advisory service and they provided very good communication of what I needed and expected.’
‘Mads Nygaard Madsen offers thorough, high-quality and spot-on legal advice while being very flexible with our business´ often tight deadlines.’
‘Good understanding of our association. Very competent advice and guidance.’
Kernmandanten
DXC Technology
EG A/S
Fødevareforbundet NNF
The Danish Cancer Society
Umbraco A/S
Dantherm Group A/S
ISTA Denmark A/S
Zealand University Hospital
Highlight-Mandate
- Assisted the Danish Cancer Society with its participation in international cancer research under the International Agency for Cancer Research, an organisation under the United Nations.
- Assisted the Danish Cancer Society and its researchers in ensuring legal compliance with GDPR in its research projects.
- Advises ISTA Danmark A/S with GDPR-related questions.
Lund Elmer Sandager
Lund Elmer Sandager’s data protection practice team has extensive experience advising a diverse client base, from large corporations to SMEs and foreign corporate groups operating in Denmark. The team collaborates closely with other departments, such as employment law, to address GDPR-related issues, including HR data privacy. Covering all aspects of data protection, the team negotiates, advises, and prepares legal documentation, manages compliance projects, and serves as DPO for several companies, handling supervision and dispute cases. Led by Torsten Hylleberg, a certified IT attorney and seasoned GDPR expert, the practice has successfully managed numerous high-profile GDPR projects.
Praxisleiter:
Torsten Hylleberg
Referenzen
‘Torsten Hylleberg provides a quick response, is good at sparring and advice at eye level. We use him as our contact person for the law firm and he is very good at involving the right professional groups from them.’
‘Objective, to the point and highly professional.’
‘In the frame of an AI-related project, they have the IT base necessary to support understanding of data and how it ties contractual and compliance together.’
Kernmandanten
Flair Group
Bagu IT
De 5 stjerner A/S
Arthur Hotels Group
Djøf
Justface A/S
Autobranchen Danmark
Toyota Danmark A/S
Toyota Financial Services A/S
FREJA Transport & Logistics A/S
Nextway Softway A/S
Momentum Energy Group A/S
Milestone Systems A/S
Delta Galil Inc.
Viggo Energy
Egmont publishing
Bikekey ApS
DanOffice IT ApS
ParkDepot
WorldManuals ApS.
Nordico Supply A/S
Nymølle Stenindustrier A/S
SIRIUS advokater
SIRIUS advokater advises Danish clients, including public institutions, privately owned companies, trade unions, and foundations, on compliance matters spanning GDPR, network security, financial regulation, and competition law. The team provides tailored advice on governance structures and practical solutions to specific compliance challenges. Led by Kira Kolby Christensen, the team leverages her experience from the Danish Data Protection Agency and the Danish Supreme Court. She assists clients with GDPR compliance, governance structures, and due diligence in M&A transactions.
Praxisleiter:
Kira Kolby Christensen
Referenzen
‘It is a strength that SIRIUS has a great insight into new trends and new technologies and the law that regulates this. It is also a strength that the team has a very high degree of understanding of how law can be implemented in practice in the company.’
‘It is a strength that Kira Kolby Christensen knows about the organisation’s tasks, conditions and challenges and quickly can find constructive solutions to them. It is also a strength that Christensen is a good mediator, even for customers who do not have a legal background.’
‘The practice is good at putting the issues in the context of the business as a whole and understanding wider implications of legal decision-making in the area of data protection. It was clear that the partners had good communication with each other, which supported this element. Availability is always good, and partners took calls during busy and/or holiday periods and accommodated our tight timeframes.’
Kernmandanten
Fagligt Fælles Forbund
Lægeforeningen
Investment Funds for Developing Countries
Forsikringsforbundet
BDO Statsautoriseret Revisionsaktieselskab
EasyMe ApS
INPAY A/S
Highlight-Mandate
- Assisted EasyMe ApS in applying for permission as a payment service, including getting all the necessary documentation in place for the application.
- Assisted Inpay A/S in getting their GDPR government structure in place, particularly in determining whether some payment systems qualify as Payment Service Providers or as Technical Service Providers.
- Assisted Lægeforeningen with clarifying the organisation’s actual data storage setup against the organisation’s need for continued data storage in light of GDPR Arts. 5, 6 and 9.
Skau Reipurth
Skau Reipurth’s data protection team specialises in advising associations, unions, and non-corporate entities on compliance matters without disrupting operations. The team has completed comprehensive risk analyses and compliance setups for medium to large associations and is led by Mette Vestergaard Huss, known for her expertise in navigating the complexities of NGOs, workers’ unions, and volunteer or political organisations.
Praxisleiter:
Mette Vestergaard Huss
Weitere Kernanwälte:
Louise Letman; Christine Børglum Sørensen
Kernmandanten
DM
Pack Tech ApS
Pharmadanmark
Femern Link Contractors
Konica Minolta
Styrk.app ApS
De Danske Bilimportører
Ejendom Danmark
Georg Jensen A/S
Resea Projects ApS
B Cool A/S
Dyrenes Beskyttelse
ProIndats
Ase Lønmodtager
Arbejdsløshedskassen Ase
ConturaLuxplus ApS
Initiate ApS
WebItAll ApS
Kemp & Lauritzen A/S
Den Danske Skovforening
B Cool A/S
Renell A/S
Det Danske Spejderkorps
Highlight-Mandate
- Advised the trade union DM on the merger with several trade unions during 2022 and 2023 and continues into 2024 especially with a focus on GDPR and compliance in the decision phase, the pre-merger phase and the post-merger phase.
- Advised Luxplus to optimise and ensure even better compliance with GDPR and marketing regulations.
- Advised several trade unions in connection with Audits from the Danish Data Protection Agency on the use of AI.