Data privacy and data protection in Sweden

Advokatfirman Cederquist KB

Advokatfirman Cederquist KB covers all aspects of data privacy and data protection issues relating to GDPR, the e-privacy directive, and other data protection legislation; it also provides risk assessments to organisations regarding outsourcing arrangements and cloud services. The IT and telecoms team is headed up by Johanna Linder, who has expertise in data privacy and IT security matters, while Malin Allard leads the IP and media team. Henrik Lindstrand focuses on GDPR projects, data protection impact assessments and data policy documents. Daniel Eriksson is another key contact.

Practice head(s):

Johanna Linder; Malin Allard


‘A team and individuals that are genuinely very nice to work with and which provide pragmatic advice that my business can easily apply.’

‘High availability, attention to detail, takes responsibility for client.’

‘Very engaged and knowledgeable in the field.’

‘Cederquist has long and extensive experience in working with data privacy and data protection questions. They are on the forefront of legal developments and always have pragmatic legal advice to find solutions to data privacy and data protection questions.’

‘Johanna Linder is a stand out partner in this field and can provide clear and pragmatic advice in the area of data privacy and data protection. We sometimes work directly with Johanna and have been very happy with her legal advice in this area and ways to find solutions. Johanna Linder also builds strong legal teams with associates that provide excellent advice but she is always informed and available for them if there is something they need to verify with her.’

‘Cederquist has been very educational and has an understanding of the business and its maturity regarding IT security and GDPR. There is both a cutting-edge competence and a wide set of skills that is valuable to us.’

‘Johanna Linder has had a very good understanding of our industry and has the ability to explain in a way that becomes clear to all concerned. We have received quick feedback on our questions.’

‘They are quick to respond and deliver. Besides excellent knowledge in Data privacy and data protection, their advice is always pragmatic and easy to implement.’

Key clients

Swedbank AB


Föreningen Svensk Elitfotboll

PostNord AB

BillerudKorsnäs AB


TV4 Media

Elekta AB


Bonava AB

Acast AB

SignUp Software AB

Budbee AB

Work highlights

  • Advised Swedbank on data privacy matters including risk assessments and the implementation of business processes within the department of IT and Digital Banking.
  • Advised BillerudKorsnäs on various matters related to data protection.
  • Advised Svensk Elitfotboll on matters related to digitalisation, big data and other data protection related issues.

Cirio Advokatbyrå AB

Cirio Advokatbyrå AB’s data privacy and information security practice advises domestic and international clients on the regulatory, operational and strategic aspects of data privacy. The firm covers all aspects of data work from building sustainable privacy programs to operational processes and governance models. The team is led by Caroline Olstedt Carlström, who has more than two decades’ experience in data protection matters. David Frydlinger has extensive expertise in data protection matters and preparing IT and telecoms contacts.

Other key lawyers:

David Frydlinger 


‘The team lead by Caroline is competent, friendly and efficient.’

‘Caroline is the best resource they have. Excellent overview over privacy issues.’

‘Solid yet pragmatic advice packaged in a comprehensible way. Very good industry knowledge.’

‘The team, in particular Caroline, is a pleasure to work with.’

‘Besides the fact that they know what they are supposed to know, they are very good at building teams of different competences for a fast way ahead. They are keen on knowing your business and your needs, that they combine with relevant information. They help you either by supporting your own in-house work or taking the front role. Based on the purpose and best practice, no prestige involved.’

‘Always easy to collaborate with, they are interested not only in the specific question but the context to contributing to the bigger picture. They are easy and flexible to get in touch with. They have good practical examples that make the understanding of complex matters easier.’

‘The team is competent, efficient, service-minded and a pleasure to work with.’

‘They are very innovative when it comes to how they work, eg. processes, how they use modern technique, AI, etc. Caroline Olstedt Carlström has also excellent privacy lawyers in her data privacy and data protection team.’

‘David Frydlinger, the MP at Cirio, is a person that has a great deal of analytical skills. He is also the father of the modern way that Cirio operates.’

Key clients



Nasdaq Nordic and Baltic regulated companies

Dustin Group



Enento Group (UC, Asiakastieto and Proff)





Noviral AB


Fryshuset Foundation

Prince Carl Philip and Princess Sofia Foundation


Altitude 365

City of Stockholm

Work highlights

  • Advised Nasdaq Nordic and Baltic regulated companies on different data privacy related matters.
  • Advised Enento Group (UC, Asiakastieto and Proff) on different data privacy related matters.
  • Advised Prince Carl Philip and Princess Sofia Foundation on data protection and data privacy related matters, including legal assessments, internal compliance and governance issues.


Established in early 2021, data protection and employment boutique edpLaw leverages the experience of former Advokatfirma DLA Piper Sweden KB practitioners Johan Sundberg, Johan Thörn and senior associate Fredrik Eråker to advise a variety of global and national clients on data issues. Noteworthy examples include the Swedish Equality Ombudsman, Klarna Bank and ICA Gruppen. The group is highly experienced in GDPR mandates and also assists with data breach responses, cross-border data transfers, data impact assessments and data litigation.

Practice head(s):

Johan Sundberg; Johan Thörn

Other key lawyers:

Fredrik Eråker


‘Johan Sundberg’s insights and business understanding is unique and creates opportunities that competitors are not able to produce.’

Key clients

Swedish Equality Ombudsman

Region Skåne

Klarna Bank AB

Swedbank AB

ICA Gruppen AB

Advania Sverige AB


Ragn-Sellsföretagen AB

Mercuri Urval KMR AB

Svensk Fastighetsförmedling AB

Advokatfirman Kahn Pedersen KB

The digital practice at Advokatfirman Kahn Pedersen KB is known for its expertise in GDPR mandates, information issues, and Secrecy Act work along with public sector and cybersecurity matters. The firm advises on public procurement and technology matters in the data protection areas, and co-head Daniel Lundqvist handles cloud strategies, data commercialisation mandates and GDPR compliance projects. Co-head Johan Kahn focuses on cloud computing issues and the transfer of data to third countries for the banks, insurance, and industrial companies. Legal technology officer Staffan Malmgren covers cybersecurity issues.

Practice head(s):

Daniel Lundqvist; Johan Kahn

Other key lawyers:

Martin BrinnenStaffan Malmgren


‘Kahn Pedersen’s highly specialized Digital Practice is unique since so many excellent and highly specialized lawyers are members of the team. The key strengths of the team are unrivalled legal proficiency, exceptional knowledge regarding the financial industry as well as the suppliers. In many ways Kahn Pedersen is a thought leader when it comes to legal issues like cloud computing and digitalization projects where they take the lead by publications and pushing the leading suppliers in the right direction. Kahn Pedersen is the number one firm for digital matters in Sweden.’

‘Johan Kahn is our main contact and in addition to him we would like to mention Daniel Lundqvist and Martin Brinnen. We have worked with Johan Kahn for a long time and he is the number one lawyer for cloud computing matters, IT contracts and outsourcings. Daniel Lundqvist is one of the foremost IT lawyers in his generation. Martin Brinnen is arguably the leading data protection lawyer in private practice in Sweden.’

Key clients

Länsförsäkringar Group

Getswish AB

Invidem AB

Fortum Group

Vossloh Group

The Swedish Union of Trade Employees

Akelius Residential Properties AB

Svenskt Näringsliv

Stanley Security AB

Symplify Technologies AB

Work highlights

  • Advised Länsförsäkringar AB on matters related to cloud computing and other data protection matters.
  • Advised Invidem on complex vendor negotiations with multiple global and national vendors for e.g. data, SaaS and infrastructure services.
  • Advised Getswish AB on complex data protection and sourcing matters.

Mannheimer Swartling

Mannheimer Swartling has experience in handling data protection and privacy issues such as GDPR requirements, cross-border data sharing and processing work, and data protection impact assessments for regulated companies. The firm advises on corporate expansions and M&A issues along with advising on the sustainability and ethical aspects of personal data usage for investors and consumer-focused technology clients. The head of the corporate sustainability and risk management group Erica Wiking Häger focuses on compliance and contentious matters for retail, financial services, technology and automotive sector clients and also leads the privacy team. Co-head Niklas Sjöblom is active in data protection and cybersecurity issues.

Practice head(s):

Erica Wiking Häger

Other key lawyers:

Niklas Sjöblom; Anders Bergsten


‘Mannheimer Swartling has a large team of data privacy experts that stays connected to surrounding areas of law such as IT sourcing; this gives the team the possibility to give well balanced and pragmatic advice and guidance on how to practically implement such advice.’

‘Anders Bergsten had the knowledge and competence we were looking for in this particular matter. His advice was on point and I really appreciated that he is easy to work with and attentive to his client’s wishes. We came along really well and it was easy to collaborate with Anders.’

‘Very professional team.’

‘Erica Wiking Häger is a well respected professional with a long background in data protection and privacy related matters.’

‘Well kept practice, professional approach, always responds in a timely manner, a wide range of experts ensures that bordering questions (e.g. protective security) are juggled seamlessly.’

‘Meticulous, knowledgeable, pleasant to deal with, responds in a timely manner, grasps the problem easily.’

‘Partner Anders Bergsten has contributed with personal commitment and dedication in combination with very high skills, sensibility and an ability to address relevant legal issues. Anders Bergsten is solution-oriented, providing relevant and balanced advice with clear insight and with a pedagogical way of explaining.’

‘Mannheimer Swartling’s data privacy and data protection practice team has very solid professional privacy knowledge that they can apply in a way that very much understands the client’s needs and the underlying business. Therefore, ensuring compliance is a practical, “user friendly” exercise and can be executed on a risk-based approach.’

Key clients









Work highlights

  • Assisted Klarna Bank with designing an industry initiative for the purpose of combatting online fraud and identity theft.
  • Advised ATG on its ambitious and successful GDPR compliance programme.
  • Assisted Spotify with its engagement in the Libra digital currency project which was initialised by Facebook.


The IT team at Setterwalls has expertise in a vast range of data protection and privacy matters, including cybersecurity matters. The head of the IP and technology practice group Fredrik Roos regularly advises on complex privacy matters related to the introduction of modern technologies and services and leads on GDPR compliance projects. Joacim Johannesson assists banks and fintech companies with cybersecurity assessments and consumer data processing requirements. Co-head Jörgen Axelsson handles data privacy issues in the healthcare sector, while Sophia Spala focuses on data protection matters in complex commercial and regulatory environments. Marc Tullgren is also recommended.


‘The Setterwalls privacy team are always available and ready to give useful and practical advice even if the matter or issue is vague or complicated.’

‘Niklas Follin delivers practical advice that is always business minded and on time. A star in my view.’

‘Ability to respond quickly.’

‘Quick and reliable information with quality; professionalism; friendliness.’

‘The team is always ready to provide relevant guidance to the client, regardless of client’s own maturity. Setterwalls has shown broad and deep understanding of the data privacy and data protection practice within Europe.’

‘Partner Fredrik Roos has a unique understanding of the data role in future business model. He has ensured that our Company is well protected against future unknowns without limiting the possibility to work with partners, customers and suppliers in a good way.’

‘Versatile practice group but we primarily work with Fredrik Roos.’

‘Fredrik Roos is very pragmatic and leads projects independently.’

Key clients

Stena Line AB

Novacura AB

Talentwise AB

Ford Motor Company AB

Alligator Bioscience AB

Novo Nordisk Scandinavia

Safeture AB

Ascelia Pharma AB

The Central Bank of Sweden

Agency for Digital Government (DIGG)

Trustly Group AB

FNZ Group

Embark Studios AB

Doktorse Nordics AB

Work highlights

  • Represented The Central Bank of Sweden in several IT and Data Protection related matters.
  • Assisted Doktorse Nordics AB with all significant IT and privacy matters and several negotiations where, besides its ordinary healthcare operations, provides its telemedicine platform to other healthcare players.

Advokatfirman Delphi

Advokatfirman Delphi’s data protection and privacy team handles all types of regulatory issues for financial services clients and handles the privacy aspects of procuring cloud, outsourcing and SaaS services. Peter Nordbeck, who leads the team, advises banks, insurance companies and corporations on outsourcing transactions, license agreements, and other matters in the IT sector, while co-head Agnes Hammarstrand assists major Swedish retail chains with e-commerce, digitalisation and privacy projects. Johan Engdahl is also recommended.

Practice head(s):

Peter Nordbeck ; Johan Engdahl


‘Very strong TMT practice.’

‘Agnes Hammarstrand is very responsive, hands-on and pragmatic.’

‘The practice members are responsive, pragmatic and commercial in their advice.’

‘Agnes Hammarstrand is an expert at data protection.’

‘A diverse team of lawyers well versed in both the law and the business. Truly experts in this field and amazing partners to work with.’

‘Agnes Hammarstrand is superior in the field of privacy law.’

‘Agnes Hammarstrand is pragmatic and gives hands-on advice, based on extensive experience.’

‘Great people, who are nice to be and work with.’

Key clients

Google LLC

Cerner Sweden AB

Afry (ÅF / Pöyry Group AB)


Load Impact AB

Swedish Church

PRI Pensionsgaranti

Hedin Group

Eton Shirts

Peab AB

Geely Sweden Holdings AB

Hellström Law

Hellström Law’s team advises on all Swedish and EU data privacy and data protection law matters, including personal data breaches, cybersecurity issues, and GDPR compliance projects for companies and organisations in the public and private sectors. Practice head Anna Fernqvist Svensson has expertise in reviewing and drafting data processing agreements, along with matters related to the protection of personal data and the transfer of personal data to third countries. Associate Mina Gholiof focuses on GDPR and healthcare matters.

Practice head(s):

Anna Fernqvist Svensson


‘They respond quickly and have excellent knowledge in GDPR related issues.’

‘Anne Fernqvist Svensson who is head of the Data Protection and Privacy practice group offers very practical and useful advice, and is combining Data protection advice with advice in employment law, which has been very useful.’

‘Fast and accurate help when needed. Covering lots of different segments.’

‘The Hellström team has provided valuable legal advice in relation to Data privacy and data protection, demonstrating exceptional capability to adapt our corporate standard package solution to local needs and compliance with local laws and standards.’

‘Anna Fernqvist Svensson and Mina Gholiof truly stand out displaying extraordinary understanding of the complexity of the issue and the trade-offs at hand. We valued their pragmatic approach, their understanding of our needs and challenges as well as limitations.’

‘Anna Fernqvist Svensson is very competent in her legal area. She is also an agreeable person to work with.’

‘The team is highly competent and supports their clients in a very professional manner. They are very responsive and available with short notice when required.’

‘Competent, responsive, professional, cooperative, supportive, easy to work with.’

Key clients

FKP Scorpio Sverige AB

Grifols Nordic AB

Work highlights

  • Advised FKP Scorpio Sverige AB, a global leading organiser of concerts and festivals, during the Covid-19 pandemic on all specific matters relating to data privacy and data protection.
  • Advised Grifols Nordic AB, a global healthcare company and industry leader in the production of plasma-derived medicines, on a whistleblowing scheme and other data privacy and data protection issues.


The data protection group of Roschier provides its expertise in data protection matters to TMT, IP, and life science sector clients. The firm also covers audit issues related to data breaches, personal data transfers, and exception applications regarding the processing of personal data related to criminal offences. Practice head Björn Johansson Heigis represents data-intensive companies in the Nordics in all kinds of data protection matters. Senior Associate John Park is also a core member of the team.

Practice head(s):

Björn Johansson Heigis

Other key lawyers:

John Park


‘They are very good at looking at the whole picture and simplifying contractual processes in general.’

‘The Roschier Data privacy and data protection team is highly knowledgeable, always available, and exceptionally adapt at triangulating data privacy issues.’

‘Björn Johansson Heigis has a broad knowledge within his field, excellent communicational skills, and high availability.’

Key clients



Epic Systems Corporation

Ontario Teachers


Telia Corporation

Hemnet Group


Advokatfirman Vinge

Data privacy and data protection work is an integral part of Advokatfirman Vinge’s TMT practice, which is led by Eva Fredrikson and Henrik Borna. It handles all data-related issues, including disputes, GDPR projects and the data elements of M&A. The team is well known for offering local law advice and handling cross-border work for clients from the public and private sectors. Nicklas Thorgerzon has comprehensive experience in representing clients in data-related disputes before the Swedish courts, and jointly leads the practice with Emelie Svensäter Jerntorp, who assists clients with GDPR implementation and compliance work.

Other key lawyers:

Karl-Hugo Engdahl; Lena Westberg


‘Vinge’s team is excellent in understanding your situation and can give advice based on broad knowledge. The individuals in the team have specialized in different areas, which gives you an expert in every field.’

‘Emelie Svensäter Jerntorp is very good at understanding your problem/question and give you quick and informative advice. I am grateful for our collaboration.’

‘Vinge’s data privacy and data protection practice is great. We purchase services from this team on a regular basis, based mainly on their excellent advice but also on the fact the their advice is always suited for our business and can easily be put into practice. The team handles all kinds of GDPR related requests in a highly professional manner. The availability and pragmatic advice truly makes the team stand out.’

‘The level of understanding of our business – what to focus on / being pragmatic but still professional – and the way their advice can always easily be put into practice, make Nicklas Thorgerzon a great contributor to this team who should be mentioned.’

‘Great knowledge in the field, quick and correct info. Easy to work with.’

‘Nicklas Thorgerzon is an amazing lawyer. Exceptional knowledge in his field, super nice to work with, easy going and very quick. He is key to our business.’

‘Solid advice, very good knowledge of the market and very available. Always deliver on time.’

Key clients



Lead investors CPP Investments

Fidelity Management & Research Company LLC

Star Stable

Aller Media

ForSea AB (formerly HH Ferries)


Work highlights

  • Advised Tele2 on various data protection issues, including an ongoing investigation by the Swedish Data Protection Authority.
  • Advised IT‑provider company Advania on data protection aspects in connection with the divestment of a majority of the shares.
  • Advised Star Stable on various data protection aspects, including in relation to processing of child personal data.

Baker McKenzie

The data protection and privacy team of Baker McKenzie has expertise in privacy, data security and data compliance projects, and information management work. Practice head Peder Oxhammar focuses on IP and IT work, including contentious issues, strategic mandates and licensing matters.

Practice head(s):

Peder Oxhammar


‘They have a very professional team, plenty of resources to handle any assignment.’

‘Peder Oxhammar is a great lawyer and team leader.’

Key clients

Eniro AB

KRY (Webbhälsa AB)


Indivd AB

Work highlights

  • Advised directory service company ENIRO on a range of issues including commercial contracts, IT contracts, licensing issues and data privacy work.
  • Assisted KRY with the implementation of its service across various jurisdictions including Sweden, France, UK and Spain.
  • Represented Storytel in a wide range of assignments related to its streaming services of audio books in a number of jurisdictions.

Bird & Bird

The data privacy and data protection group of Bird & Bird handles matters concerning various sectors including the automotive, media, healthcare, technology and communications industries. The firm also assists with GDPR and general privacy compliance, data breaches, data transfer challenges, and online tracking issues. The team is led by Mattias Lindberg, who covers all contentious and non-contentious matters and advises on cybersecurity mandates, data breach compliance issues and audits.

Practice head(s):

Mattias Lindberg 


‘Bird & Bird are outpacing the competition due to Mattias Lindberg being there. Mr Lindberg holds a phenomenal combination of subject matter expertise as well as a exquisite sense of what is to be prioritized. The ways Bird & Bird collaborates with us as customers makes us grow in our business.’

Key clients

3G Infrastructure Services AB


AB Svensk Bilprovning

RCO Security AB

The Fourth Swedish Pension Fund

Åke Sundvall Byggnads AB

Contiga AB

HeidelbergCement Sweden AB

The First Swedish Pension Fund

The Third Swedish Pension Fund

Work highlights

  • Assisted AB Svensk Bilprovning with all drafting, negotiations, as well as other strategic and legal considerations relating to the procurement of all its customer communications in both physical and digital channels.
  • Assisted Åke Sundvall Byggnads AB with issues relating to smart buildings.
  • Assisted Kontakta and its member companies with all questions in respect of the daily business of call centres and industry specific questions and the legal developments within the industry.

Advokatfirma DLA Piper Sweden KB

Advokatfirma DLA Piper Sweden KB has extensive experience in handling data-related matters for global financial institutions, high-tech companies, defence clients and other businesses across multiple jurisdictions. Jennie Nilsson heads up the practice and advises on data privacy and information security issues as a part of cross-border transactions.

Practice head(s):

Jennie Nilsson


‘The team continuously works with creating tools and using technology to make data privacy a business enabler and not a showstopper.’

‘Stand out for their availability, level of services, the way they acted and treated me during the period they helped me.’

‘They were always quick in their responses and very accurate in their services. Very competent in the way in which they would summarize complex issues and come up with a useful solution.’

Key clients

ICA Gruppen

ICA Sverige

ICA Handlarnas Förbund

Apotek Hjärtat

ICA Banken

AFA Försäkring

Wallenius Marine




Klarna Bank

Region Skåne

Svensk Fastighetsförmedling


BNP Paribas Bank

SKL Kommentus



Voi Technology


Advokatfirman Fylgia KB

Advokatfirman Fylgia KB’s commercial technology and IP team advises on all regulatory matters concerning the internet, tracking technologies, and data services. Practice head Martin Gynnerstedt has expertise in outsourcings, IT system development work, supply arrangements, license issues, joint ventures, telecoms regulation, and e-commerce matters. The firm has knowledge of a wide range of sectors, including the travel tech, cloud services, data analytics, and digital services industries, along with banking and insurance expertise.

Practice head(s):

Martin Gynnerstedt


‘The firm responded timely to inquiries on data protection questions within Sweden in particular. We were able to assess more than just the law but also trends happening in the country in particular sectors and a good understanding of the impact of governmental and quasi-governmental agencies.’

‘Martin Gynnerstedt is the partner we worked with. He is extremely knowledgeable, straight-forward and provides practical advice.’

‘Excellent collaboration and providing highly qualified associates to head projects together with in-house legal counsel.’

‘Specific data privacy/data protection expertise, expertise with EU-GDPR and Swedish law and regulation.’

‘Very knowledgeable and responsive.’

‘Good industry knowledge. Excellent at doing business. They produce high quality advice that provides pragmatic solutions. They always get the work done with the timeframes. They provide good value for money.’

‘Martin Gynnerstedt has been impressive. He is very responsive, knowledgeable and a pleasure to deal with. He is an asset to the team and never lets me down.’

‘Martin Gynnerstedt at Fylgia has been our main contact, and he has truly stood out in the way he has combined his knowledge in the practice with our business challenges providing advice and strategy opportunities in a way that we have not seen before.’

Key clients


Bring E-commerce & Logistics AB

iBinder AB


Mavenoid AB

Beijer Byggmaterial Aktiebolag

Egencia Sweden AB

Work highlights

  • Advised ID06 AB on several legal risk assessments concerning data privacy and data protection in the development of new IT services for the construction industry.
  • Advised Egencia Sweden AB on agreement negotiations, in which data privacy and data protection concerns were a strategic part of the negotiations.
  • Advised Mavenoid AB on data privacy and data protection matters concerning its SaaS offering to the market.

Gernandt & Danielsson Advokatbyrå

Gernandt & Danielsson Advokatbyrå has extensive experience in handling data protection work, including handling safe data transfer matters for regulated industrial clients. Niclas Rockborn, who leads the practice, focuses on regulatory issues for a wide range of clients including banks, insurance asset management companies and other financial institutions. Counsel Ulrika Forsberg is also a core member of the team, as is associate Dena Dervanović.

Practice head(s):

Niclas Rockborn

Kompass Advokat

Kompass Advokat’s data protection and personal data team cover a broad range of sectors including the banking, insurance, pension, trade union, and e-commerce industries. Practice head Anna Lööv advises on all the aspects of data protection impact assessments, personal data incidents, internal management contacts and other data protection matters.

Practice head(s):

Anna Lööv


‘Fast and service minded communication. Prompt delivery of services. Great creative dialogues and professional custom made advice which has been very useful.’

‘Outstanding service in terms of attention, competence and pragmatic approach. Useful hands-on advice. The team that we worked with always delivered with great quality and on time.’

‘Anna Lööv has excellent qualifications and experience within the field. Very good pedagogical ability and very nice and easy to work with.’

‘Kompass Advokat has deep knowledge and track record in regulatory requirements of the insurance industry as well as recognized expertise in public cloud vendors general terms.’

‘Out of the people from Kompass Advokat I primarily work with Anna Lööv who is a partner at the firm. She has a very strong combination of being very productive, insurance industry experience, highly valued expertise in public cloud terms in combination with being humble and easy to work with.’

Key clients

Dina Försäkring

Euro Accident




Lumera (former Itello)


S R Intelligence

Svenska Försäkringsföreningen


Work highlights

  • Assisted Klarna’s privacy legal team with complex data protection matters.
  • Assisted Skandia’s privacy team with data protection matters.
  • Assisted Humana with data protection services.

Advokatfirman Lindahl KB

Advokatfirman Lindahl KB handles data protection and privacy matters for both private and public companies, along with life sciences companies and mid-market start-ups. Co-head Gabriel Svedberg focuses on issues related to M&A transactions, IT outsourcings and contractual law, while co-head Michael Edquist has expertise in dealing with the data elements of corporate work.

Other key lawyers:

Johan Åberg; Mikael Olsson


‘Strong in all areas of GDPR advice, but in particular high-end advice.’

‘Gabriel Svedberg has an unique ability to translate this complicated area of law into practical business advice.’

‘Mikael Olsson, associate, and Michael Edquist, partner (both at the Uppsala office) are competent and easy to work with.’

‘Excellent attention to details, proactive, and very good business understanding.’

‘Partner Gabriel Svedberg: Excellent hands on advice provided on short notice and very good attention to details.’

‘Associate Mikael Olsson: Real good knowledge within the data protection field, delivered in a easy understandable and hands on way.’

‘My key contact is Gabriel Svedberg. He is specialized in the software industry and data privacy regulations, and he has always been very supportive, knowledgeable and easy to work with.’

Key clients

Philips AB

Axis Communications AB

Affibody AB

Thermo Fisher Scientific Inc.

Berling Media Group

Viedoc Technologies AB

Fastator Group (Aktiebolaget Fastator, Nordic PM AB and Offentliga Hus i Norden AB)


Amra Medical AB

Storytel AB

Foodora AB

Work highlights

  • Advised Philips AB on various matters of relevance for a global medtech company including privacy matters.
  • Advised Affibody AB on various data protection matters.
  • Advised Thermo Fisher Scientific Group on various data protection matters.

Magnusson Sweden

Magnusson Advokatbyrå’s data privacy and protection team has vast experience in handling GDPR related matters, including audits, implementation, drafting internal policies, reviewing profiling activities, and providing DPO functions. It also advises on marketing practices and regulations for domestic and international companies, organisations and public institutions in the medical, pharmaceuticals, insurance, and financial sectors. The team is led by the duo of Helena Rönqvist and Caroline Landerfors.


‘Great to work with.’

‘Caroline Landerfors – outstanding. So easy to work with and has such great competence.’

‘The team is very competent and service minded. They seem to have broad competence in the practice.’

‘We worked mostly with Caroline Landerfors and Helena Rönqvist and they were both very helpful and professional.’

Key clients


Quanterix Corporation

ICA Försäkring

Many Pets


Tech Nordic Advocates

DSI Underground

Work highlights

  • Advised ICA Försäkring on various data protection matters.
  • Advised Spotlight Stock Market on listings of shares on Spotlight Stock Market’s trading facility, including data protection and data privacy in connection with due diligence work.
  • Advised Many Pets on various data protection matters.

Norelid Advokatbyrå

Norelid Advokatbyrå’s GDPR and cyber-incident response team advises on cybersecurity issues, preventive compliance work, data privacy matters and data protection law at the national and international level. Practice head Susanna Norelid, along with the associate Marcus Appeltofft, handles matters involving data security breaches.

Practice head(s):

Susanna Norelid

Other key lawyers:

Marcus Appeltofft


‘Norelid Advokatbyrå’s team on data privacy and data protection is small and very accommodating, which makes them both agile and adaptable. They have also put an emphasis on incident response-work, which is rather unique in the Swedish market. With their agile team and large international network, they are able to provide fast and (when necessary) international assistance to clients with legal-related matters in response to cyber incidents. Marcus Appeltofft is a very strong associate.’

‘Marcus Appeltofft provides the best possible assistance to clients. With a broader base than only privacy, he has lots to offer clients both in terms of proactive as well as incident-related GDPR matters. Marcus therefore brings a strong legal, as well as business, understanding to the table, and a very capable will to learn and grow within this area.’

‘They are experts within their field. If you need council and support regarding personal data matters (GDPR) they are the best. You can feel 100% confident that you will get the best support you can get and they are equally good at solving problems as to help you prevent future problems.’

‘Both Susanna Norelid and her associates stand out from day one by being very flexible and available at all kind of hours and days.’

‘Susanna Norelid is very reliable, extremely responsive and a 360 view on the issue you submit to her. In case of emergency you are sure you can count on her.’

‘Norelid Advokatbyrå AB is very customer oriented and displays an in depth and state-of-the art knowledge within the areas of Data Privacy and Data Protection. They are a very trusted adviser to my company and are very responsive and professional in all contacts.’

‘I have had the privilege to work with Susanne Norelid and Marcus Appeltofft. Their knowledge within the areas of Data Privacy and Data Protection are unprecedented in the Swedish marketplace. In combination with a personal engagement and professional and swift delivery it goes without saying that Norelid Advokatbyrå is the law firm of choice for my business.’

Key clients















Work highlights

  • Advised a cyber-attack client on its response to a complex cross-border cyber incident, including setting up and managing a legal team from at least seven jurisdictions across two continents.
  • Advised Modular Finance AB on complex cross-border personal data processing and on the relevant legal complexities of acquiring the necessary personal data from an array of different sources.
  • Assisted Insicon AB with the complex cross-border processing of data, both internally within the client group as well as with external data processors.

TM & Partners

The technology team of TM & Partners advises on data privacy and protection issues along with GDPR compliance, fintech issues and regulatory matters for a client portfolio comprised of industrials, banks, start-ups, and healthcare sector clients. Practice head Fredrik Gustafsson, alongside senior counsel Erik Woodcock, handles IP, information security and TMT issues with additional experience in outsourcings, app development issues, software licensing work and technology transfers.

Practice head(s):

Fredrik Gustafsson

Other key lawyers:

Erik Woodcock


‘Knowledge, professionalism, availability.’

‘I have been working solely with Fredrik Gustafsson as a returning client with basically no need to seek his kind of expertise elsewhere.’

‘Great knowledge of the industry in which we act, and strong competence in the governing laws and regulations. Availability of the individuals I have worked has been excellent, and the commitment from them has really stood out.’

‘Fredrik is very competent yet humble and has the capability to spread calm even in quite nerve-wrecking situations. Exactly what one is looking for.’

‘Pragmatic and competent.’

‘Service minded and solution oriented.’

‘The team is service-minded, proactive, and knowledgeable in GDPR compliance, for which I use them. They are also very a business-practical firm.’

‘Fredrik Gustafsson is my main point of contact at the firm. He stands out above his peers with this proactive and business-practical approach while still being very knowledgeable in GDPR matters. He is able to find practical approaches while keeping our agreements compliant and our risks reasonably low. He is a good sounding board and adviser in all types of data privacy issues.’

Key clients

LRF Samköp AB

Posti Group Oy

Priveq Investment

RNB Retails & Brands



MAG Interactive

Endúr ASA

Work highlights

  • Advised LRF Samköp AB, an affiliate of the Swedish farmers’ association, on its legal matters including data privacy and data protection matters.
  • Advised RNB on the data privacy and data protection aspects of the sale of the assets of its subsidiary Departments & Stores Europe AB.
  • Advised Priveq Investment on the data privacy and data protection aspects of its investment in Swemac Innovation.