Next Generation Partners

Firms To Watch: Data privacy and data protection

Lundgrens‘ newly dedicated data protection and compliance team is headed up by Reza Ahmadian, handling compliance projects, security breaches and compliance with the relevant data legislation.

Data privacy and data protection in Denmark

Accura Advokatpartnerselskab

Accura Advokatpartnerselskab is extremely experienced in advising on the full suite of privacy, data protection and cybersecurity matters including special rules and legislation, and employment-related data work; it is particularly strong in relation to the health, life sciences, financial and insurance sectors. Data protection assignments, including full-scale compliance projects, GDPR audits, data protection due diligence and GDPR codes of conduct are a core pillar of the group’s work in the space. Team leader Jens Harkov Hansen has substantial experience advising on complex, high-level data protection matters. Dan Ermose has considerable expertise with system acquisition and license agreements, IT security mandates, and data work in the life sciences space.

Responsables de la pratique:

Jens Harkov Hansen

Autres avocats clés:

Dan Ermose

Les références

‘Very competent guidance, which is adapted to our needs and level. Ensures information and implementation at our level and manages to explain and initiate everyone. We have gained thorough knowledge and compliance in this area.’

‘Jens Harkov Hansen has a sympathetic and calm approach to the subject, which is quite complex for those of us who do not have the subject as a primary professional interest. He manages to make us understand the basic essence of GDPR.’

‘Strong understanding for the client’s needs and can navigate in the landscape of the law and risk profile.’

Principaux clients

Velux Group

North Risk A/S



Lessor Group A/S

Birch Ejendomme ApS (løbende rådgivning + bestyrelsesrapportering)

Undersøgelseskommissionen om SKAT

Principaux dossiers

  • Assisted VELUX Group with developing a wide range of mandatory GDPR-documentation such as risk assessments, transfer impact assessments with regard to third country transfers, as well as privacy notices relevant for HR matters.
  • Assisted a large Danish global provider of aerospace equipment in implementing a thorough GDPR compliance programme.
  • Assisting Lessor Group on a weekly basis with regard to e.g. the negotiation of various data processing agreements between both customers and suppliers, drafting and implementation of internal policies and assistance with requests Lessor has received from its customers.


The team at Bech-Bruun is known for its ‘deep expertise in all aspects of data protection’ and is praised for offering clients ‘practical, fit-for-purpose legal and compliance counsel’. The team’s advisory work spans the development and implementation of data protection compliance programmes, mock-up inspections, GDPR court cases, international data transfers, security breaches and cybersecurity incidents, among others. Mikkel Friis Rossa heads up the department, and is experienced in GDPR, contesting fines levied by authorities, and international data transfer matters, with particular experience with complex data protection compliance. Managing associate Egil Husum advises both public authorities and private companies on the full array of data protection matters. Charlotte Bagger Tranberg left the firm in January 2023 and Susanne Stougaard departed in February 2024.

Responsables de la pratique:

Mikkel Friis Rossa

Autres avocats clés:

Egil Husum

Les références

‘Loyal and straightforward. You can count on their best advice without anything being left out. Has a great team working together, so they deliver on deadlines. ’

‘Bech-Bruun’s data privacy team has deep expertise in all aspects of data protection and offers clients practical, fit-for-purpose legal and compliance counsel. The team is keenly focused on client service. The team’s ability to filter out the regulatory ‘noise’ and quickly help clients understand which developments require attention sets the team apart from the competition.’

‘Great hands-on approach. Good understanding of clients’ commercial reality and needs.’

Principaux clients

DIGIT Kommunerne

Salling Group A/S

CNA Insurance

DSV Group

Arp-Hansen Hotel Group

Rockwool International




Jyske Bank

The Zealand Region of Denmark


Chr. Hansen Group

The Southern Region of Denmark

Georg Jensen


Oterra A/S

Nordic Entertainment Group

The Danish Medical Association

Leo Pharma


Principaux dossiers

  • Advised DSV Group on a comprehensive and complex Binding Corporate Rules approval process, which took place over four years and involved several EU authorities.
  • Appointed as DPO in a comprehensive tender process.
  • Representing CNA Insurance in all instances where its customers’ cybersecurity insurance is triggered by a cybersecurity breach.

Gorrissen Federspiel

Gorrissen Federspiel retains its strong reputation in the Danish market for its expertise in a broad range of matters concerning data protection, data ethics, cybersecurity, digital transformation and digital regulatory work across a variety of sectors including the energy, media, retail, life sciences, transport and consumer goods industries. The team of ‘highly skilled lawyers’ is led by Tue Goldschmieding in Copenhagen and Aarhus-based David Telyas; Goldschmieding frequently undertakes large-scale compliance projects for Danish and international corporations, while Telyas assists Danish and foreign companies in relation to launches of new services and product offerings, compliance projects, M&A transactions involving technology, and compliance cases initiated by supervisory authorities. Max Gersvang Sørensen is known for his experience across all aspects of data privacy law, along with handling crisis management issues and security breaches.

Responsables de la pratique:

Tue Goldschmieding; David Telyas

Autres avocats clés:

Max Gersvang Sørensen

Les références

‘The competence level for data privacy and related legislations is high and very scalable, meaning that the team is solving regulatory issues at a very high level, and are adaptable to scale up or include other regulatory areas in their solution.’

‘Collaboration skills, ability to adapt to situations and new requirements, overview of legislative requirements for a global company, ability to adapt counselling to other competencies.’

‘Good understanding of the client’s commercial challenges. Highly accessible. Highly skilled lawyers.’

Principaux clients

Schibsted Denmark ApS

A.P. Møller – Maersk A/S

Vestas Wind Systems A/S

Novo Nordisk A/S

Rambøll Group


Aller A/S

Kromann Reumert

Kromann Reumert has the bandwidth to handle the full spectrum of data protection and privacy work, including data processing issues, major projects related to GDPR and other legislation, and matters involving the rights and complaints of data subjects. Practice head Pia Kirstine Voldmester has considerable experience advising on complex compliance projects, complaints, regulatory disputes, personal data breaches, and cyber crime attacks. IT specialist Kristian Storgaard is noted for his track record in IT procurement and telecoms matters, alongside regulatory and data privacy issues. Daiga Grunte-Sonne is the key name at director level, and Birgitte Toxværd joined from Horten in April 2023.

Responsables de la pratique:

Pia Kirstine Voldmester

Autres avocats clés:

Daiga Grunte-Sonne; Kristian Storgaard; Birgitte Toxværd

Les références

‘Pia Voldmester must be among the absolute best in Denmark within the field of data privacy and data protection.’

‘Proactive, skilled, exceptional collaboration.’

‘Extensive collaboration gives unique insight in company business and thus adding business value when discussing legal matters.’

Principaux clients


DR – the Danish Broadcasting Corporation

DSB – the Danish State Railways



H. Lundbeck

ISS World Services

The Danish Organization of General Practitioners (PLO) and the Danish Medical Association (Lægeforeningen)



Taxa 4×35

Tryg Forsikring

TV 2 Danmark

Principaux dossiers

  • Advised TV 2 Danmark on several data privacy issues, including the continuous implementation of the GDPR requirements, data processor agreements and third country transfer issues.
  • Advised Demant and all its group companies on a very large international compliance project.
  • Advised the Danish Organization of General Practitioners (PLO) on matters relating to national projects within the healthcare sector and on the development of national App services for the healthcare sector.


Plesner is frequently engaged on the entire spectrum of data protection work and is highly praised for being ‘excellent at combining specialist data protection knowledge with good common sense and business understanding to propose commercially viable data protection solutions’. Practice head and data privacy specialist Michael Hopp has substantial experience in the space and comes recommended as ‘extremely knowledgeable and responsive’. Peter Østerby Mønsted specialises in data privacy, data protection and operational compliance work, acting for private entities and public authorities.

Responsables de la pratique:

Michael Hopp

Autres avocats clés:

Peter Østerby Mønsted

Les références

‘Michael Hopp is hands down the best privacy legal expert in Denmark. Knows and understands stakeholder-management issues which is very useful.’

‘The team is very capable, responsive and creative.’

‘Michael Hopp is extremely knowledgeable and responsive. Always available for good sparring.’

Principaux clients

Danske Bank A/S

Principaux dossiers

  • Assisted Danske Bank with an inspection from Datatilsynet (the Danish Data Protection Agency), and acting as defence attorney for the bank in the related criminal case.

Bird & Bird Advokatpartnerselskab

Bird & Bird Advokatpartnerselskab‘s specialist team of practitioners regularly assists both public sector and major international corporate clients with critical data protection and e-privacy matters. Practice head Michael Gorm Madsen advises on all facets of data protection law and is also a specialist in e-privacy and e-trade mandates; he comes recommended as ‘outstanding’ on GDPR matters.

Responsables de la pratique:

Michael Gorm Madsen

Les références

‘Compared to what we have experienced earlier we believe Bird & Bird act as a true team – they are super individual specialists but understand to support each other as a team in order for us to experience a holistic approach to the tasks we are addressing together.’

‘Michael Gorm Madsen is our primary contact. He is outstanding in the GDPR and privacy area, and always goes that extra mile for us.’

‘The team combined has excellent knowledge on the subject, and they are always available.’

Principaux clients

Synsam Group

UNEEG medical A/S

ALK-Abello Nordic A/S

Region Hovedstaden (Capital Region of Denmark)


Milestone Systems A/S

Data for Good Foundation

LLOYD Copenhagen ApS

Danmarks Apotekerforening


Capgemini Danmark A/S

Copenhagen Capacity

Det fælleskommunale Databehandlersekretariat

APC Forsikringsmæglerne A/S

Better Energy A/S

Zizzi Denmark ApS

Cookie Information A/S

Tempur + Sealy (Dan-Foam ApS)

E-nettet A/S


Hogrefe Psykologisk Forlag A/S


Principaux dossiers

  • Advised the Data for Good Foundation on the roles of privacy in various business models for data exchange that allows citizens to control their own data and allows public as well as private organisations to perform anonymous analyses of such data.
  • Advised numerous private and public clients on the complex requirements applicable to transfers of personal data to third countries, in particular to the US, including Milestone Systems A/S, Danmarks Miljøportal and I/S Refa.
  • Assisted NNIT A/S with supporting the company’s GDPR compliance during and after the split of the company’s infrastructure business into a separate company.


Clemens’ compliance and data privacy practice group handles a work portfolio, which includes data privacy and compliance advice within all areas of data protection law, spanning overall GDPR compliance programs, data processor audits, security breaches, and cases against the Danish Data Protection Agency, among others. Camilla Sand Fink and Tommy Angermair jointly lead the practice as data privacy and labour law experts; Fink comes highly recommended for her ‘best-in-class work and knowledge in the field’.

Responsables de la pratique:

Camilla Sand Fink; Tommy Angermair

Les références

‘Camilla Sand Fink is very sharp and I find her communication/way of explaining legal complexities excellent. I find her to be very capable and her good communication helps to drive progress in different situations instead of getting stuck in legal details which are more or less irrelevant for the business.’

‘The team and partners are focused on solving the practical challenges while maintaining the required legal coverage. The team and partners are client centric, very knowledgeable, have practical experience and are very good people.’

‘We have worked with the compliance team and we have always been super thankful for their work and skills. They are a young and agile team with the ability to move fast on incoming dilemmas and issues. They have a strong network and have moved fast in setting us up with relevant peers.’

Principaux clients

Liebherr Denmark ApS

Universal Robots A/S

Mobile Industrial Robots A/S

Aalborg Forsyning

Normal A/S

Musikhuset Aarhus

Indeks retail A/S

AthleticWare ApS

Timbed ApS


Bclude ApS

Vestjylland Forsikring

Salling Group

NRGi Elsalg A/S

Work & Co

Erhverv Aarhus

Foodora Danmark ApS

XL-Byg A.m.b.a.

Heidrick & Struggles

Beumer Group A/S

Imbox protection A/S

NRGi Administration A/S

Interflora Danmark A/S

Mjølner Informatics A/S

Yubio ApS

Novicell A/S

Whistleblower Software ApS

Soerensen Leather ApS

Dansk Computer Center A/S

Genitor ApS

DH Media ApS



Reshopper ApS

OfficeLab A/S

Storm Group A/S

Centre for educational Development, Aarhus University

Unik Recruitment A/S


Loyalty Factory ApS

La Cabra Coffee

Principaux dossiers

  • Assisted Delivery Hero with implementing data privacy compliance in relation to Delivery Heros acquisition of Hungry A/S in 2022 and the following launch of foodora Denmark ApS.
  • Assisting Normal A/S with ad hoc privacy related issues and also assisted Normal A/S with an extensive data processor control project.

DLA Piper Denmark

DLA Piper Denmark regularly undertakes the full suite of data privacy matters and is particularly well known for its work involving emerging technologies, offering specialist knowledge of the regulation of biometrics, AI, new AI regulation, ChatGPT and other language models; it also handles whistleblowing solutions, DPO-as-a-service issues, data protection audits and data protection impact assessment methodologies. Practice head Marlene Winther Plas has extensive experience in all aspects of technology-related law and data protection issues, while Jon Lauritzen acts as DPO for clients under the team’s DPO-as-a-service offering.

Responsables de la pratique:

Marlene Winther Plas

Autres avocats clés:

Jon Lauritzen; Martin Hjørlund Nielsen; Anders Nielsen

Les références

‘Jon Lauritzen stands out for being very efficient and good at explaining the topic, and advise on how to address the topic both for data processor agreements and GDPR considerations related to software development.’

‘You can always count on a quick response. You can also count on the task being assessed and the best person for the task being brought forward.’

‘Availability at any time – with a very fast and competent handling – that knows our line of business and the related challenges.’

Principaux clients


Landsbyggefonden (the Danish National Housing Fund)

Økonomistyrelsen (section under the Danish Ministry of Finance)

Skanlog A/S


City of Copenhagen

PNO Holding A/S

Userneeds A/S

Trafikselskabet Movia

DCC Energy A/S


Reckitt Benckiser

Kamstrup A/S

Brøndbyernes IF Fodbold A/S

Auction Group


Small Danish Hotels

The Velux Foundation


TM Group


The Danish Dental Organisation

People Test Systems

University of Copenhagen


Sønderborg Forsyning

Blu Kolding

Principaux dossiers

  • Assisting NIO with its first wave process of entering into and operating on the European market.
  • Assisted Brøndbyernes IF Fodbold A/S with applying for the use of facial recognition technology on the entrances to Brøndby Stadium.
  • Assisting a private dentist and the Danish Dental Association in a High Court case regarding GDPR brought by HK regarding non-material damages.


The GDPR and compliance team at Horten maintains its specialist focus on data protection compliance work in the emerging technology space, including AI mandates, receiving praise for its ‘extremely high’ levels of ‘quality and knowledge’. The group regularly acts across the entire gamut of data protection law, including GDPR compliance projects, analyses of international transfers, and internal investigations. In-depth knowledge of national legislation and experience establishing whistleblower systems are other defining characteristics of the department. IT lawyer Jens Grønkjær Sjølander Pihl and IP and copyright expert Jesper Madsen jointly lead the department.

Responsables de la pratique:

Jens Grønkjær Sjølander Pihl; Jesper Madsen

Les références

‘The partner engagement and availability is exceptional. Furthermore, the quality and knowledge is extremely high and highly appreciated when seeking advice and legal help.’

‘The involvement and ability is exceptional and internally aligned. The teams coordinate well and make it very easy to seek advice.’

‘The ability to quickly understand the challenge at hand and come up to speed is always valued.’

Principaux clients

Pure Gym Denmark A/S (Formerly Fitness World A/S)



Zenegy ApS

Dataetisk Råd

Algorithms, Data and Democracy Project (ADD Project) with coordination from Mandag Morgen ApS

Principaux dossiers

  • Working with DANVA on its guidelines regarding the processing of personal data by water supply companies in Denmark.
  • Advising KOMBIT on GDPR and its interlink with administrative law in relation to the development and deployment of complex, central IT systems to the Danish public sector, primarily municipalities.
  • Advising a clinical biopharmaceutical company on GDPR and the interlink with life science legislation on a continuous basis, including in relation to clinical trials.

Lund Elmer Sandager

Lund Elmer Sandager acts for a wide-ranging domestic and international client base on GDPR issues and advises on the project management of compliance policies in connection with compliance audits, as well as acting as DPO for several companies. The team is praised for its ‘exceptional expertise and specialisation in the field of GDPR’, which is also the core specialism of practice head Torsten Hylleberg, who predominantly focuses on GDPR projects and GDPR issues relating to employee data, compliance issues, and policies regarding organisational security. Hylleberg also acts as DPO for several clients and handles complaints before the Danish Data Protection Agency.

Responsables de la pratique:

Torsten Hylleberg

Les références

‘This practice stands out due to its exceptional expertise and specialisation in the field of GDPR. Their deep knowledge of the regulation sets them apart and reassures clients that they are receiving the most up-to-date and effective counsel in this complex area of law.’

‘One of the unique qualities of this practice is its commitment to tailoring GDPR solutions to individual clients. They understand that GDPR compliance varies across industries and organisations and provide customised guidance accordingly.’

‘The team stays at the forefront of GDPR developments. Clients can expect them to be well-versed in the latest legal interpretations and best practices, ensuring clients stay ahead of compliance challenges.’

Principaux clients


Bagu IT

Data and More



Justface A/S

Autobranchen Danmark


Toyota Financial Services

FREJA Transport & Logistics A/S

TV2 Lorry Broadcasting

Nextway Softway A/S

Momentum Energy Group A/S

Milestone Systems A/S

Delta Galil Inc. (D.G. Organic Basics)

Viggo Energy

Egmont publishing

MG Motors Denmark

Kia Motors Denmark

Bikekey ApS


WorldManuals ApS.

Nordico Supply A/S

Nymølle Stenindustrier A/S


Principaux dossiers

  • Advising Toyota Denmark and Toyota Financial Services on GDPR related issues.
  • Assisting Autobranchen Danmark in relation to a project on personal data protection for its 1,200 member firms.
  • Advising the eight TV2 Regions on GDPR compliance and acting as DPO.

Poul Schmith

Poul Schmith has extensive experience across all aspects of data protection and privacy law as well as the related cybersecurity legislation, including the EU Data Governance Act, AI regulation and the regulation of digital services. Practice head Jakob Kamby handles business-critical data compliance matters, while Martin Sønnersgaard is go-to name for advice on AI issues and is praised for his ‘unique knowledge of data privacy legislation’. At associate level, Kirsten Marie Donato comes highly recommended for ‘her unique ability to present legal obligations in the context of legal risk management and commercial considerations, while always remaining on an eye-to-eye level with the client’.

Responsables de la pratique:

Jakob Kamby

Autres avocats clés:

Martin Sønnersgaard; Kirsten Marie Donato

Les références

‘Poul Schmith’s data privacy and data protection team has aided us with understanding and interpreting the field between legislation and technology within Data Protection. Furthermore our industry legislation has also been incorporated and adapted into any advice.’

‘Martin Sønnersgaard worked as our primary contact person and also key adviser. His unique knowledge of data privacy legislation and other related legislation has been outstanding and he is a very trusted adviser.’

‘Kirsten Marie Donato excels within the area of data protection and AI and has a unique ability to present legal obligations in the context of legal risk management and commercial considerations, whilst always remaining on an eye-to-eye level with the client.’

Principaux clients

Agency for Digital Government

The Danish Agency for Data Supply and Infrastructure

The Danish Building and Property Agency

Statens Serum Institut

Innovation Fund Denmark

Danish Patient Safety Authority

Danish Agency for Higher Education and Science

The Danish Prime Minister’s Office

The Danish Environmental Agency

Coinify ApS

The IT and Development Agency of the Danish Ministry of Taxation

PFA Ejendomme A/S

Flicker Factory

Principaux dossiers

  • Assisting the Danish Agency for Digital Government with providing a new national digital post solution (called Digital Post) for public authorities to communicate securely and digitally with citizens and businesses, and vice versa.
  • Assisting the Danish Agency for Data Supply and Infrastructure with providing a new data distribution platform (called Den Fællesoffentlige Datafordeler) for the distribution of fundamental register data from several public authorities via one platform.
  • Assisting Coinify ApS, a global virtual currency platform, with ensuring compliance with European data protection laws after being acquired by a US-based company in late 2021.

Bruun & Hjejle

Bruun & Hjejle‘s data protection group handles complex, high-end data privacy and data protection mandates, covering all aspects of data work including large compliance projects, GDPR implementation, investigations, litigation and data breaches before the Data Protection Agency, among many others. ‘Go-to practitioner for data privacy matters’ Anna de Vos-Zehngraff provides advice to major Danish and international clients on complex cases about compliance with the Danish and European data protection rules.

Responsables de la pratique:

Anna de Vos-Zehngraff

Les références

‘For the assistance we needed, we worked with Anna de Vos-Zehngraff. The value add we experienced from her was outstanding. The balance between legal requirements, best practices and understanding our business was – from our perspective – perfect. Constantly expanding our trust in her guidance and recommendations.’

‘The GDPR team gives first-class in-depth advice and provides experience and service at the highest level. They keep themselves updated on all relevant data protection regulations.’

‘Anna de Vos-Zehngraff is a go-to practitioner for data privacy matters. She is always accessible at short notice and provides very efficient and always pragmatic advice.’

Principaux clients


Danske Bank


Berlingske Media


Old Irish Pub


Kirk Kapital A/S

Copenhagen Infrastructure Partners

Copenhagen Infrastructure Service Company Ltd.

Alm. Brand Forsikring A/S

International Woodland Company A/S

PFA Pension, Forsikringsaktieselskab

Global Equestrian Group


Veo Technologies ApS

Axcess Nordic A/S

CM7 Invest

Sikkert Samfund ApS

Tessitura Network Inc.

G.S.V. Materieludlejning A/S



DAHL Law Firm

The ‘highly competent’ team at DAHL Law Firm represents large corporations, government agencies and SMEs, and provides specialist advice across all aspects of data privacy and protection law. Team leader Tim Nielsen advises on complex privacy and security situations, including the use and re-use of research data, international data transfers, and IT security and crime matters. Frederik Bruhn leads the wider department, and Mads Nygaard Madsen advises clients on the implementation of compliance programs, drafting of data processing agreements and handling of data breaches.

Responsables de la pratique:

Frederik Bruhn; Tim Nielsen

Autres avocats clés:

Mads Nygaard Madsen; Frans Skovholm

Les références

‘Strong dedication in tasks and a good solution-oriented approach to tasks and issues. In addition, as a customer, you feel prioritised and understood.’

‘Strong professional competencies and good at guiding and challenging our decisions so that we find the best solution together. Can both listen and talk, and then I also appreciate that there is a personal relationship.’

‘The legal team at DALH Law Firm is highly competent when it comes to matters of regulation regarding data privacy and data protection. The firm is strong in conveying complex cases and legal matters in a way that can be understood without having to be a legal expert yourself.’

Principaux clients

DXC Technology


Fødevareforbundet NNF

The Danish Cancer Society

Umbraco A/S

Dantherm Group A/S

Visma Acubiz A/S

ISTA Denmark A/S

Principaux dossiers

  • Advised the Danish Cancer Society as an external DPO.
  • Adviseing Visma Acubiz A/S regarding the drafting of data processing terms and conditions.
  • Advising ISTA Denmark A/S on a daily basis with GDPR-related questions.

Skau Reipurth

Skau Reipurth is well versed in handling full risk analyses and compliance set-ups, alongside acting as external official DPO and GDPR compliance officer for large corporations in Denmark. Mette Vestergaard Huss is known for advising NGOs, worker’s unions and other volunteer and political organisations.

Responsables de la pratique:

Mette Vestergaard Huss

Les références

‘I worked with Mette Vestergaard Huss. I believe she stands out with her preparation and the way she listened. She was very good at explaining the issues in a “down to earth” way – not using to many lawyer expressions that makes things hard to understand.’

‘We have been using Mette Vestergaard Huss for several years now, and are always extremely happy with her and her insights and understanding of our company combined with her in-depth knowledge of technology and data protection. I also want to add that Mette always is a pleasure to work with.’

‘Our collaboration has been of great value for our company, especially because of Mette Huss’ great knowledge and her solution-oriented approach to solving the challenges we present to her.’

Principaux clients


Pack Tech ApS

Kemp & Lauritzen A/S

Pharmadanmark ApS

De Danske Bilimportører

Georg Jensen A/S

Resea Projects ApS

ELF Development A/S

B Cool A/S

Dyrenes Beskyttelse

Forbundet Kultur og Information




Luxplus ApS

Gymnasieskolernes Lærerforening

Initiate ApS

Cathvision A/S

WebItAll ApS

Det Danske Spejderkorps

Principaux dossiers

  • Advised Contura A/S on full internal GDPR compliance.
  • Advised DM on the safety and compliance issues of building a new CRM and ERP system for members of a worker’s union.