Data privacy and data protection in Denmark

Accura Advokatpartnerselskab

Led by Jens Harkov Hansen, who is praised as ‘an outstanding expert within the area of GDPR’, Accura Advokatpartnerselskab advises large national and international organisations on the data protection and privacy elements of transactions. It also handles full-scale compliance projects, GDPR audits and due diligence work, and drafts GDPR codes of conduct. Its expertise spans the healthcare, IT, life sciences, finance and employment sectors; it recently assisted HK, the country’s largest union for salaried employees, with its GDPR implementation, which included preparing and updating relevant documentation and processes and organising workshops and training for members.

Practice head(s):

Jens Harkov Hansen


‘We are using Accura in relation to GDPR. Within this area we find Accura to be very strong.’

‘Jens Harkov Hansen is an outstanding expert within the area of GDPR.’

Key clients

Mundipharma A/S

Lunar A/S

Lessor Group A/S



AP Pension


Undersøgelseskommissionen om SKAT

MSD Denmark ApS, (the Danish subsidiary of international pharmaceutical company Merck Sharp & Dohme Corp.)

Work highlights

  • Advised AP Pension on the data protection aspects related to the outsourcing of health insurance services.
  • Advised Lunar A/S on data protection compliance issues as part of its fintech services.
  • Advised HK on various issues related to data protection and operational GDPR implementation.


Bech-Bruun's expertise spans data compliance programmes and audits, gap analyses, international data transfers, cybersecurity incidents, outsourcing mandates, Data Protection Agency (DPA) notifications and data litigation. In 2019, the firm launched its DPA Service, a digital solution which facilitates clients’ compliance with GDPR requirements in relation to auditing data processors. Clients praise the department for its 'combination of traditional counsel in conjunction with an actual privacy tech tool, which saves a lot of time on the actual implementation of compliance'. Mikkel Friis Rossa heads up the practice, which also includes Susanne Stougaard, who handles vendor and buy-side due diligence work.

Practice head(s):

Mikkel Friis Rossa

Other key lawyers:

Thomas Munk Rasmussen; Susanne Stougaard; Charlotte Bagger Tranberg


‘Susanne Stougaard and her team really stand out. They are highly qualified, have high availability and standard is second to none. They understand our business and meet our requirements in all aspects.’ 

‘Striking a good balance between academics and pragmatism, the team seamlessly engages with our business.’

‘The team is very focused and dedicated – you can reach them at all times and it is the same few, but very capable persons. They have a strong and good knowledge of the law and the client – which is a unique combination.’

‘The combination of traditional counsel in conjunction with offering an actual privacy tech tool saves a lot of time on the actual implementation of compliance.’

‘They are very innovative and have developed good technological solutions for controlling and complying with GDPR rules.’

‘Susanne Stougaard is capable of providing me with advice not only on a very high level from a legal perspective but she also provides me with a sparring partner on how to implement in a way that is possible in reality; this makes her advice more valuable.’ 

‘Charlotte Bagger Tranberg has a rare talent for efficiently de-cluttering complex situations to provide legal solutions that will actually work in a commercial setting.’ 

‘Mikkel Rossa is very knowledgeable, competent and experienced within the field of data protection and privacy. He brought value to the table. In addition, he is nice to work with, easygoing, likeable.’ 

Key clients

ALK-Abelló Group

Salling Group A/S

CNA Insurance

Copenhagen Infrastructure Partners

Motion Picture Licensing Company Denmark A/S

DSV Panalpina Group

Danfoss A/S

Municipality of Copenhagen


Flügger Group A/S

CASA Group

Municipality of Aarhus

can Europe BV

Nordic Entertainment Group

Rockwool International


IDdesign A/S

Danish Crown

ECCO Shoes

The Central Region of Denmark

Kvadrat Group

Finance Denmark

Arla Foods

The Northern Region of Denmark

The Zealand Region of Denmark


Danske Bank

Kolding Municipality



Genmab A/S

Nets Group

Specsavers Optical Group

Municipality of Nyborg


Municipality of Vejle

Bestseller A/S

Georg Jensen

VP Securities


The Region of Northern Denmark



Royal Unibrew

Work highlights

  • Acting for IDdesign A/S following an inspection conducted by the Danish DPA which revealed the organisation stored ordinary personal data longer than necessary; this was the first GDPR matter to be taken before a Danish court.
  • Advising DSV Panalpina Group on its global implementation of GDPR.
  • Advising Kvadrat Group on a global data privacy strategy and a new B2C set up.

Gorrissen Federspiel

Gorrissen Federspiel’s team primarily handles GDPR compliance projects for high-profile national and international corporations; it is also particularly active in assisting clients with implementing binding corporate rules and data transfer schemes. The department is headed up by Tue Goldschmieding, who is also experienced in digitalisation programmes and the related regulatory and contractual issues including advising on new business intelligence models and the use of AI for data analysis. The department also manages enforcement issues, namely inspections carried out by data protection authorities.

Practice head(s):

Tue Goldschmieding

Key clients

Novo Nordisk A/S

Vestas Wind Systems A/S

A.P. Møller- Maersk A/S

Carlsberg Breweries A/S

Region Hovedstaden

Work highlights

  • Assisting Novo Nordisk with a wide variety of data protection matters, including updating binding corporate rules, digital health projects, operational data protection matters, and risk assessment processes.
  • Assisting Vestas Wind Systems A/S with a broad range of data protection matters, including its application for binding corporate rules, internal compliance audits and the implementation of digital compliance processes such as risk assessment processes.
  • Assisted A.P. Moller-Maersk A/S (Maersk) with updating its binding corporate rules, which cover the internal transfer of personal data within the Maersk group of companies, to GDPR requirements.


Horten has extensive experience advising on data protection law and cybersecurity issues; in mid-2020, it established a dedicated personal data group. Key areas of strength include the implementation of GDPR compliance projects, and reporting and managing data protection breaches. Headed up by Birgitte Toxværd, the team regularly handles the data privacy and protection aspects of IT, employment, marketing and public law deals, most notably issues surrounding social media. In 2021, Mads Nygaard Madsen departed to join DAHL Law Firm.

Practice head(s):

Birgitte Toxværd

Key clients

Dansk Metal

Kiloo A/S

The City Municipality of Copenhagen

Rynkeby Foods A/S

Circle K Danmark A/S


Kommuneqarfik Sermersooq (municipality in Greenland)

Léonie Sonnings Music Foundation

The Body Shop

Centralorganisationen af industriansatte I Danmark

DXC Technology (formerly known as CSC)

Work highlights

  • Advised Acubiz on redrafting standard contracts and standard data processing agreements as well as ad-hoc advice on privacy questions.

Kromann Reumert

Noted for its ‘deep knowledge of GDPR’, Kromann Reumert provides ‘attentive and highly qualified advice’ in relation to data protection and data privacy issues. It has notable strengths in GDPR compliance projects, processing activities, data protection audits, security breaches and Danish DPA issues. The group is led by Tina Brøgger Sørensen, who also assists clients with the data protection aspects of M&A transactions and customer profiling, location data and biometric data issues. Another name to note is director Daiga Grunte-Sonne.

Practice head(s):

Tina Brøgger Sørensen

Other key lawyers:

Daiga Grunte-Sonne; Heela Lakanval


‘Great professionals and very personable who always ensure prompt and appropriate responses to each individual case.’

‘Our company has an extremely close and valuable working relationship with Daiga Grunte-Sonne and Heela Lakanval, who are great professionals, good-natured and extremely competent.’

‘The team is particularly strong on combing knowledge of GDPR to the business. Has deep knowledge of GDPR.’

‘Very specialised in the area and good communication skills in order to transfer the heavy legal area in practice.’

‘Great business understanding, the level of legal expertise is very high, fast responders.’

‘What Kromann Reumert does so well as opposed to other law firms is there innate understanding of the law combined with excellent business insight.’ 

‘Kromann’s team provides attentive and highly qualified advice and services regarding data protection.’

Key clients

Codan Forsikring A/S

Ørsted A/S

Nobia Denmark A/S

ID-Sparinvest, Filial af Sparinvest S.A.

Saxo Bank A/S

Adform A/S

Synoptik A/S

Sonova Retail Denmark ApS

Norlys a.m.b.a

4 Finance ApS

Artland ApS

Eurekos Systems ApS

Elgiganten A/S

Fagbevægelsens Fordelsprogram A/S

Danish Building and Construction Arbitration Board

Work highlights

  • Provided GDPR-related assistance on M&A mandates to Ørsted A/S.
  • Advised Saxo Bank A/S on the approval process for binding corporate rules and GDPR compliance matters.
  • Assisted Adform A/S with an inspection by a supervisory authority.


Recognised for being 'on top of all new rules and case law', Plesner’s data protection group has considerable experience assisting clients with operational compliance mandates, primarily on the implementation of GDPR. The group, led by Michael Hopp, acts for an assortment of financial services, IT, energy and transport clients. Other areas of focus include strategic planning mandates relating to personal data, individual privacy issues and the preparation of draft agreements.

Practice head(s):

Michael Hopp

Other key lawyers:

Jesper Husmer Vang


‘Michael Hopp knows the privacy industry inside out. He knows the DPA well and understands how they will reason. Gives very trustworthy on-point advice that’s not just about what the law says.’

‘Very skilled and experienced, on top of all new rules and case law, always accessible and a pleasure to work with. They have a huge network within the industry and public authorities, enabling them to always be one step ahead.’

‘Michael Hopp is always accessible, highly competent and pragmatic. Flexible in terms of designing tasks to cut costs and sharing of templates.’

‘Michael Hopp has a broad network of authorities and other key stakeholders within the area with the possibility of informal clarifications and discussions, not to forget outstanding expertise and knowledge.’

‘Michael Hopp and Jesper Husmer Vang’s knowledge and experience within all aspects of data protection, theoretical as well as practical, make them second to none within their field. There are no others I would rather exchange views, opinions and discuss challenges regarding data protection with.’

Key clients


Københavns Lufthavne (Copenhagen Airports)

Semler Gruppen

Gjensidige Forsikring

Danske Bank

Bonnier Publications


Sund & Bælt Holding

SEAS-NVE Holding





Nationalt Genom Center

Ford Motor Company

Work highlights

  • Assisting the new public authority, Nationalt Genom Center, with drawing up mapping and data protection impact assessments regarding the activities in the centre.
  • Advised Semler Gruppen A/S on its large GDPR compliance project and providing ordinary day-to-day GDPR advice on an ongoing basis.
  • Assisting Ørsted with data protection matters on an ongoing basis, including the development of models for data mapping, GAP analysis of business processes and the analysis of the data protection roles.

Bird & Bird Advokatpartnerselskab

Acting primarily for corporations and large public authorities, Bird & Bird Advokatpartnerselskab’s expertise runs the gamut of data protection and privacy regulatory mandates. It specialises in GDPR compliance issues and projects in the technology sector. Michael Gorm Madsen heads up the team, which also handles subject access requests, data breaches, data processor agreements, international personal data transfers and audits; Madsen also represents clients before the DPA. Another name to note is senior associate Katja Djurhuus, who displays ‘impressive, in-depth theoretical privacy knowledge’.

Practice head(s):

Michael Gorm Madsen

Other key lawyers:

Katja Djurhuus


‘They are really good at understanding the customer needs and are quick to understand our business needs and then deliver on it.’

‘Strong team – effective cooperation and alignment. A high degree of specialist knowledge available.’

‘High degree of responsibility and ownership. Katja Djurhuus really cares for her clients and goes the extra mile.’

‘They are experts in the broad sense of the word – can be used for very industry-specific and detailed privacy matters.’

‘Katja Djurhuus has impressive, in-depth theoretical privacy knowledge. Combined with her very practical and pragmatic approach she is a really strong asset for our privacy team.’

‘B&B are very pragmatic in their handling of matters for us. They have an excellent understanding of our business needs in regards to compliance requirements.’

‘Katja Djurhuus with whom we work on GDPR is excellent in her handling of our matters and also a really nice and pleasant person.’

Key clients

WS Audiology (Widex) A/S

Københavns Kommune (Municipality of Copenhagen)


Ciklum (

Kombit A/S

Den Storkøbenhavnske Digitaliseringsforening

Coloplast A/S



Danish Ministry of Taxes

DanFoam/Tempur Sealy

Fujitsu A/S

FDIH (Organisation of E-trade)

Work highlights

  • Advised DUOS on its role as data processor and/or controller in relation to the various services provided by the company.
  • Advising Widex on all aspects of its day-to-day GDPR compliance work both in relation to the effects of the recent merger with Sivantos.
  • Assisting (part of a Swedish listed group of trade businesses) with a matter where a user has filed a complaint to the Danish DPA relating to the use of cookies and processing of personal data on the website.

Bruun & Hjejle

As 'one of the most highly regarded lawyers within her field', Pia Kirstine Voldmester heads up Bruun & Hjejle's data privacy and data protection team, which handles a broad array of matters for both domestic and international clients. Key pillars of the 'highly skilled and knowledgeable' group include compliance projects, day-to-day compliance issues, GDPR implementation, investigations, litigation, impact assessments, and claims and data breaches before the DPA. In addition, the team has a track record in the data aspects of outsourcing projects and M&A transactions.

Practice head(s):

Pia Kirstine Voldmester


‘The practice is highly skilled and knowledgeable, securing alignment with goals in a compliant and diligent manner.’

‘Pia Voldmester has a unique combination of business understanding and theoretical knowledge – and has the ability to combine those two things into business practical advice.’

‘Pia Voldmester (including her team) is one of the key Danish legal scholars with hands-on experience from before personal data became truly interesting. She has great knowledge of the financial industry as well and is usually able to respond to questions with straight and practical answers, and her assessments are usually spot on.’

‘Pia Kirstine Voldmester’s knowledge of data privacy and data protection is excellent and she has deep knowledge within this area.’

‘Pia is very solid within GDPR. She has been working with personal data for many years and clearly knows a lot of background information, case law etc. by heart.’

‘Bruun & Hjejle can deliver top legal advice put into a pragmatic and commercial useable context.’

‘Pia Voldmester possesses a remarkable legal knowledge and experience – combined with the ability to convey difficult legal matters in an accessible and understandable form.’

‘Pia Voldmester is clearly one of the most highly regarded lawyers within her field. She has unique knowledge and a great network to leverage.’

Key clients


Danske Bank


Taxa 4×35

Master Danmark

Praktiserende Lægers Organisation (PLO)

Sampension Administrationsselskab


Falck Danmark

H. Lundbeck




Salus Group

Tryg Forsikring


Work highlights

  • Advising state-owned TV2 on a number of data-related matters as well as ongoing advice regarding compliance with GDPR.
  • Advising Danske Bank on GDPR issues, DPA negotiations, investigations and risk assessments related to investigations into the non-resident portfolio of customers in the bank’s Estonian branch and accompanying AML issues.
  • Advising Praktiserende Lægers Organisation on various aspects of data protection in relation to medical practitioners in Denmark, including IT contracts, data processing agreements, the use of sub-processors in third countries, and the development of APP services.


The Aarhus-based practice at Clemens has a notable track record in data protection project management work, enabling the team to assist clients with the implementation of GDPR compliance programmes in particular. 'Extremely knowledgeable' group head Tommy Angermair is experienced in the employment aspects of data issues; elsewhere within the larger group, the 'incredibly skilled' Camilla Fink heads up the data privacy team.

Practice head(s):

Tommy Angermair; Camilla Fink


‘Camilla Sand Fink is an incredibly skilled person within her field. Not only does she have the theoretical knowledge when it comes to GDPR, but she has also worked with it in practice. She is understanding, and listens, and has a nice approach on how to handle things.’ 

‘We have had the great opportunity to work with Camilla Sand Fink, who is helping us with GDPR compliance. Until now I have been very happy with the knowledge of the area and the willingness to seek solutions which can be implemented in practice.’

‘Clemens always provide tangible and operationally manageable solutions to challenges regarding data privacy and data protection. Their pragmatic approach to complex challenges makes this practice unique and they have a broad and deep knowledge on the subject.’ 

‘Competent and in-depth specialist knowledge about GDPR.’

‘Clemens’ data privacy team is one of the most knowledgeable DP teams and in addition to that possesses extensive practical experience from various types of organisations.’

‘Tommy Angermair is always available, pragmatic and very competent in the areas where he is a specialist. ’

‘Clemens is an exceptional firm on so many fronts. Data privacy and data protection is just one area where they shine. As the rules and regulations around privacy and security continue to evolve, I appreciate the thoughtful approach Clemens takes to the matter. They provide well-researched, clear guidance and recommendations.’

‘Tommy Angermair is extremely knowledgeable in the intricacies of Denmark regulations, but also brings to the conversation a deep understanding of best practices amongst companies and what employees expect of top employers.’

Key clients


Universal Robots

Mobile Industrial Robots


XL-BYG a.m.b.a.

Tømmergaarden A/S

CF Petersen & Søn A/S

Brejnholt Gruppen



Boligforeningen Ringgården

Vestjylland Forsikring

Beumer Group

Work & Co

Heidrick & Struggles



Mjølner Informatics

Kyocera Unimerco Tooling

Frontmatec Group

Soerensen Leather



Loyalty Factory

Work highlights

  • Assisted Universal Robots with project management issues and the ongoing maintenance of its overall global compliance programme, as well as a comprehensive data flow mapping and major GAP-analysis.
  • Assisted Mobile Industrial Robots with project management work and the ongoing maintenance of its overall global compliance programme, as well as a comprehensive data flow mapping and major GAP-analysis.
  • Assisted XL-BYG A.m.b.a with the preparation of the organisation’s overall compliance programme, including assistance with the initial data flow mapping and preparation of mandatory documentation and employee training to all shareholders.

DLA Piper Denmark

The team at DLA Piper Denmark covers the full spectrum of data protection and data privacy work, leveraging the firm's data breach assessment tool NOTIFY, as well as a Data Protection Impact Assessment portal, which streamlines the process. The team, which is spearheaded by Marlene Winther Plas, is skilled at assisting clients with the implementation of compliance programs, employee training programmes, control measures concerning data transfers, personal data issues relating to product developments and inspections, data breaches and crisis management work.

Practice head(s):

Marlene Winther Plas

Other key lawyers:

Jon Lauritzen

Key clients

Abbott Laboratories

Air Alsie A/S

AON plc


Brøndbyernes IF Fodbold A/S

City of Copenhagen

Colas A/S

Dan Church Aid

Landsbyggefonden (the Danish National Housing Fund)

DCC Energy A/S

Dustin AB

EDC Gruppen A/S

Euro Accident

GS1 Denmark

Kamstrup A/S


Ministry of Finance


People Test Systems A/S

PNO Holding A/S

Reckitt Benckiser

Skanlog A/S

Trafikselskabet Movia

University of Copenhagen

Userneeds A/S

Work highlights

  • Advised Brøndby IF on its ongoing work relating to the planned expansion of its Automated Facial Recognition system approved in 2019.
  • Advised the City of Copenhagen on the development of new methodologies and procedures regarding carrying out Data Protection Impact Assessments (DPIA) as well as auditing data processors.
  • Advised Dan Church Aid on all data privacy aspects of the platform, including the legal relationship between stakeholders, rights to data and the protection of end-users.

Lund Elmer Sandager

Knowledgeable, extremely flexible and service-oriented’, Lund Elmer Sandager's practice primarily assists clients with GDPR compliance projects; it also has experience with data documentation, project management issues, and the data implementation elements of IT and technology projects. The department is headed up by GDPR specialist Torsten Hylleberg, who is cited for his 'deep knowledge of the market and the needs of his clients’. He also handles complaints before the Danish DPA and DPA audits, and acts as DPO for several companies.

Practice head(s):

Torsten Hylleberg


‘The team is fronted by Torsten Hylleberg, who has a deep knowledge of the market and the needs of his clients.’

‘They are a knowledgeable, extremely flexible and service-oriented firm.’

‘The team at LES has been extremely responsive in every single contact we have had with them. They are truly knowledgeable in every aspect.’

‘Torsten is kind and well skilled in his area. He is always available to give the immediate ad hoc advice when we need it.’

‘Torsten Hylleberg has made a world of difference for our business, helping us to develop legal documents to support all new business models. His balance of theoretical legal knowledge and practical experience from the ‘real world’ is unique.’

Key clients


Autobranchen Denmark


Toyota Financial Services

FREJA Transport & Logistics A/S

TV2 Lorry Broadcasting

Multi-Support International

Work highlights

  • Assisting the members of DJØF with GDPR questions.
  • Assisting Autobranchen Danmark in relation to a project on personal data protection for its 1200 member firms.
  • Advising the eight TV2 Regions on GDPR compliance issues.


With capabilities across the spectrum of data privacy and protection issues CO:PLAY also leverages a new spinoff from the firm’s software development unit called Maigon; founded in 2020, it provides legal artificial intelligence solutions, including Maigon DPA for automated reviews of data processing agreements, and Maigon PPC, which reviews privacy policies for GDPR compliance projects. Niels Dahl-Nielsen and Heidi Højmark Helveg jointly head up the team, which also handles personal data transfers and data breach preparation and responses.

Practice head(s):

Niels Dahl-Nielsen; Heidi Højmark Helveg

Key clients

Globeteam A/S

Capgemini Sverige AB

Capgemini Denmark

Hiper A/S


Tobi ApS


Vivino ApS



Rovio Copenhagen

Godt Smil Tandlægerne

Vestegnen HF & VUC

Intellecto ApS

Phases ApS


Hammer Andersen I/S

Work highlights

  • Assisting Capgemini Sverige AB with data protection advisory services and contract negotiations.
  • Acting as Data Protection Officer to AudienceProject and advising on data protection issues.
  • Assisting Rambøll with a GDPR audit which assesses the client’s processes, systems, records and activities in order to provide advice on a wide range of data protection matters.

Nielsen Nørager

With capabilities across a broad range of data protection and data privacy issues, the team at Nielsen Nørager, which is jointly led by Anders Valentiner-Branth and Claude Winther Nielsen, specialises in assisting trade unions and public authorities. It has experience in handling large data protection compliance projects, Danish DPA inspections, data subject complaints, data protection litigation and data breach procedures.

Practice head(s):

Anders Valentiner-Branth; Claude Winther Nielsen


‘The team is very knowledgeable and has a very high level of business approach combined with a no-nonsense approach to legal counselling.’ 

‘Claude Winther Nielsen has a very high knowledge of our business and the business area we operate and he is therefore capable of giving us very high value on all aspects we seek his counselling.’ 

‘They have a very high level of knowledge of complex issues, and an excellent way of managing barriers for clients.’

‘The individuals I work with are very professional and have high expertise together with an outstanding empathy for what the problem is, and how to solve these problems in my organisation.’

Key clients

The Municipality of Gladsaxe

The City of Copenhagen

The Danish Trade Union Confederation (FH)

The Danish Association of Social Workers

Columbus A/S

Atea A/S

Falck Group

Work highlights

  • Representing the Municipality of Gladsaxe in civil lawsuits regarding a personal data breach.
  • Advising the City of Copenhagen on various legal assessments concerning data protection and data privacy law.
  • Advising the Danish Trade Union Confederation on various legal assessments concerning data protection and data privacy law.

Skau Reipurth & Partnere

Skau Reipurth & Partnere is particularly active in individual data protection and HR-specific data privacy issues, as well as large GDPR compliance projects. The team also represents employers and employees in data-related employment litigation. Bo Enevold Uhrenfeldt leads the group alongside Mette Vestergaard Huss, who has a strong track record in assisting non-corporate associations, NGOs, worker’s unions and other volunteer and political organisations with data privacy matters.

Practice head(s):

Mette Vestergaard Huss; Bo Enevold Uhrenfeldt

Key clients

Dansk Magisterforening

Kemp & Lauritzen A/S

Danske Skoleelever

ELF Development A/S

Dyrenes Beskyttelse

Dansk Bibliotekarforbund



SMV Danmark

Gymnasieskolernes Lærerforening

Initiate ApS

WebItAll ApS

De Danske Bilimportører

Total Upstream Danmark A/S

Work highlights

  • Assisted Dansk Magisterforening with a large risk analysis and full compliance process.
  • Assisted Total Exploration and Production Denmark A/S with a project ensuring data protection compliance as part of a large scale reorganisation.
  • Assisted KPMG Acor Tax with ensuring GDPR compliance and legal guidance on data processor agreements.