Data privacy and data protection in Sweden

Advokatfirman Cederquist KB

Advokatfirman Cederquist KB provides the full scope of data protection and privacy advice through its IP, IT and media desk. Co-head Johanna Linder applies her extensive IT knowledge to information security, data processing, cybersecurity and data transfer mandates alongside senior specialist Kerstin Wardman’s training and internal regulatory compliance experience. Notable companies in the financial services, insurance, transport and manufacturing sectors are present on the client list. Co-head Malin Allard and senior associate Henrik Lindstrand are key names for GDPR compliance and interpretation work, particularly in the media and online gaming sectors.

Practice head(s):

Johanna Linder; Malin Allard

Other key lawyers:

Kerstin Wardman; Henrik Lindstrand


‘Cederquist has broad and in-depth knowledge of data privacy and data protection. The team works seamlessly together and can provide advice on all aspects of data privacy and data protection in a quick and pragmatic manner. We have found them incredibly helpful and knowledgeable to work with.’

‘Johanna Linder is extremely experienced and knowledgeable of the area and makes sure her team works seamlessly and efficiently together with her. Johanna’s background as an in-house lawyer is very helpful and she gives high-quality and pragmatic advice.’

‘The team has a wide knowledge within the area and a unique pragmatism when advising on data privacy-related issues. The team also has an extensive understanding of the considerations that a business has to make in relation to data privacy.’

‘Johanna Linder and Henrik Lindstrand both have expert knowledge within data privacy and a very nice and non-complicated way of communicating. They are both fast and do not get into too many details unless asked to.’

‘The advice is always very pragmatic and very much based on the business and circumstances at hand – this is very much appreciated and something that not all firms are very good at. I always feel confident that I can fully rely on the advice.’

‘Johanna Linder and Henrik Lindstrand are both excellent and always very dedicated to their work.’

Key clients

Swedbank AB


Föreningen Svensk Elitfotboll

Elekta AB

PostNord AB

BillerudKorsnäs AB


TV4 Media

Work highlights

  • Advised Swedbank on a variety of matters related to data protection and risk assessments related to processing activities within the department of IT and digital banking.
  • Advised SJ on matters related to data protection and information security in connection with its procurement of a new inventory and ticket booking solution as SaaS.
  • Advised Föreningen Svensk Elitfotboll on matters related to digitisation, big data and other data protection-related issues.

Cirio Advokatbyrå AB

Cirio Advokatbyrå AB’s data privacy and information security practice is headed up by Caroline Olstedt Carlström, whose expertise is long-established in the market. The team advises a roster of multinational clients on regulatory and strategic data protection and privacy mandates, while also acting as DPO to numerous high-profile companies. The group also handles GDPR implementation projects and ongoing internal governance issues. David Frydlinger applies his data protection knowledge to digital outsourcing and joint venture projects.

Practice head(s):

Caroline Olstedt Carlström

Other key lawyers:

David Frydlinger


‘Caroline Olstedt Carlström is very good on privacy and grasps problems fast.’

‘We work mostly with Caroline Olstedt Carlström who is always very competent and available.’

‘I love the team’s spirit and likeability. They’re extremely nice to work with and it feels very safe and nice to have them representing us in discussions with courts and authorities.’

‘Caroline Olstedt Carlström has a corporate background that gives her the opportunity to think risk based and business oriented.’

Key clients







UC / Asiakastieto

Klarna Bank

Riksidrottsförbundet (The Swedish Sports Confederation)

Kompetensföretagen (Swedish Staffing Agencies)


Viking Line

Noviral AB

Work highlights

  • Assigned as external DPO to Klarna Bank, acting also as contact person for the supervisory authorities and providing regular and specific advice on a number of different data privacy-related matters.
  • Assigned as external DPO to financial services company UC AB, acting also as contact person for the supervisory authorities and providing regular and specific advice on a number of different data privacy-related matters.
  • Negotiating and drafting the data processing agreement for ICA Sverige’s sourcing project for a state-of-the-art grocery e-commerce solution.

DLA Piper

With a track record in handling data privacy projects across multiple jurisdictions, DLA Piper is sought after by global financial institutions and corporates from the industrial, defence and technology sectors. Practice head Johan Sundberg and senior associates Johan Thörn and Daniel Eriksson advise on GDPR implementation projects and strategies, and handle multijurisdictional cybersecurity mandates using a suite of bespoke UX tools including the firm's in-house CyberTrak tool. Sundberg is retained as a DPO for numerous high-profile companies, and also has strength in employee data-related issues.

Practice head(s):

Johan Sundberg

Other key lawyers:

Johan Thörn; Daniel Eriksson


‘Very good competence within data privacy.’

‘Daniel Eriksson is a very professional advocate and has shown a great understanding of our business needs.’

‘The team has exceptional knowledge in their practice area and are able to produce simplified and to-the-point advice and tools in a complex area of law. Where other teams propose lengthy and complicated solutions, DLA Piper are able to follow the legal requirements yet be simplified and have the client’s business in mind.’

‘Johan Sundberg possess an exceptional level of knowledge combined with business understanding not found elsewhere.’

‘Swift and high-quality feedback.’

‘Johan Sundberg is excellent.’

Key clients

ICA Gruppen

ICA Sverige

ICA Handlarnas Förbund

Apotek Hjärtat

ICA Banken

AFA Försäkring

PwC Sweden

Wallenius Marine




Klarna Bank

Svensk Handel

Svensk Fastighetsförmedling

BNP Paribas Bank

SKL Kommentus



Work highlights

  • Advising AFA Försäkring on all data privacy issues linked to its preparations for, and implementation of, GDPR measures.
  • Assisted the Swedish Association of Real Estate Agents with the drafting of sector-wide guidelines concerning the handling of personal data by real estate agents.
  • Advising Swedbank on various data privacy questions on a strategic and operational level.

Advokatfirman Kahn Pedersen KB

Advokatfirman Kahn Pedersen KB’s digital practice has top-flight data protection and data privacy expertise through practice heads Daniel Lundqvist and Johan Kahn, and senior specialist Martin Brinnen. Ongoing instructions pertain to cross-border and third-party data sharing work, data processing contracts, GDPR compliance matters and privacy issues related to digital outsourcing and cloud-based computing mandates. The group's client roster is broad, comprising financial institutions, insurers, public sector bodies and corporate entities. Value-add lawtech innovations are driven by dedicated legal technology officer Staffan Malmgren.

Practice head(s):

Daniel Lundqvist; Johan Kahn

Other key lawyers:

Martin Brinnen; Staffan Malmgren


‘A big team of lawyers only focusing on IT law is unique and hence there will be an experienced team looking into your IT law issue – this is excellent. Strong willingness to deliver modern advice and always on time.’

‘The team has unique expertise in the area. They are responsive and always balancing risks vs business value. They stand firm on what they believe is important but at the same time are creative in finding practical solutions.’

‘Johan Kahn and Daniel Lundqvist stand out. The are available and responsive and extremely competent in the area and always find solutions on issues at hand without waiving legal requirements. They always act very professionally and pedagogically.’

‘I consider Kahn Pedersen as the leading firm for data protection matters in Sweden (and also for IT). Since the advent of the GDPR, a number of law firms and other consultants of all sorts are claiming to be experts in the data protection field. However, only a few firms are actually solid and can add something to our internal expertise and that is why we choose to work with Kahn Pedersen and no one else. Several of the leading Swedish data protection lawyers are found in Kahn Pedersen.’

‘We have worked with Johan Kahn for a long time and consider him without doubt the number one lawyer for data protection and IT in Sweden.’

‘Daniel Lundqvist should be recognised as one of the foremost data protection and IT lawyers in his generation. We specifically appreciate his great legal skills together with his commercial understanding.’

‘Martin Brinnen is arguably the leading data protection lawyer in private practice in Sweden.’

‘Staffan Malmgren is unique with his solid technical knowledge and deep legal proficiency within the data protection field.’

Key clients

Länsförsäkringar Group

Getswish AB

Invidem AB

Fortum Group

Vossloh Group

Willhem AB

Akelius Residential Properties AB

Confederation of Swedish Enterprise (Svenskt Näringsliv)

Munters AB

DRT Solutions AB

Work highlights

  • Providing Länsförsäkringar AB with strategic and ongoing advice related to GDPR implementation and data protection.
  • Providing Invidem AB with data protection strategy, and advising the client on complex vendor negotiations with multiple global and national vendors for e.g. data, SaaS and infrastructure services.
  • Advised the Confederation of Swedish Enterprise on complex data protection issues, including the relationship between controller and processor.

Mannheimer Swartling

As head of Mannheimer Swartling’s corporate sustainability and risk management group, data protection and data privacy is a key area of expertise for Erica Wiking Häger. Multinational corporate clients and highly regulated financial institutions retain the team for full-scope advice, including GDPR compliance issues, cross-border data sharing and processing work, data protection impact assessments and advice on corporate expansions and M&A. Co-head Niklas Sjöblom applies his knowledge to IT outsourcing projects. The firm is increasingly advising investors and consumer-focused technology clients on the sustainability and ethical aspects of consumer data usage. Regulatory investigations by the Swedish Data Protection Authority are also handled by the group.

Practice head(s):

Erica Wiking Häger; Niklas Sjöblom


‘Outstanding service in terms of attention, competence and pragmatic approach. Useful hands-on advice.’

‘Very dedicated and among the strongest lawyers in their fields. Always give great guidance on how to practically handle questions (even if the legal field is ambiguous).’

‘Great team with very skilful individuals.’

‘Erika has grown this team for many years and as a result the firm has the best practice in this field in the Nordics.’

‘Extensive knowledge within privacy. Extensive knowledge within other key practices which gives a thorough assessment of different aspects to bear in mind when weighing pros and cons with different solutions.’

‘Mannheimer Swartling has extensive experience in data protection matters, spanning from compliance aspects of processing activities, to the handling of cross-border data breaches.’

‘They know their job, and very responsive.’

Key clients









Work highlights

  • Assisting Klarna with analysing and designing an industry initiative for the purpose of combating online fraud and identity theft. The initiative involves extensive exchange of personal data within the industry, thus advice has required highly sophisticated data protection knowledge combined with expertise in financial regulation and competition law.
  • Advised ATG in relation to its ambitious and successful GDPR compliance programme and subsequent audit verification processes.
  • Advising Spotify on a number of legal areas relating to the Libra project, including IT-related matters, national and EU privacy and data protection questions, blockchain issues, national and EU financial regulatory matters, corporate law and SPV-related matters.


The data protection and data privacy experts at Setterwalls span multiple offices and have expertise in a diverse range of sectors. Co-head Fredrik Roos and specialist counsel Bobi Mitrovic advise an impressive set of hi-tech clients including social media and e-commerce platforms on GDPR implementations and ongoing compliance issues. In the financial services sector, Joacim Johannesson is assisting high-profile banks and fintech companies with cybersecurity assessments and consumer data processing requirements, while co-head Jörgen Axelsson is experienced in handling data privacy issues in the healthcare sector. Sophia Spala and associate Emma Jarkell are also highly rated.

Practice head(s):

Fredrik Roos; Jörgen Axelsson

Other key lawyers:

Bobi Mitrovic; Sophia Spala; Emma Jarkell; Salomeh Eftekhari; Joacim Johannesson


‘Very skilled team that always gives value. I always feel important and get very engaged and committed individuals to support me in whatever legal matter I need help with. The legal advice is always well balanced according to the risk level we can accept. I am especially impressed with their solution focus and that nothing seems impossible even though the legal framework might be challenging in certain areas where we operate. Setterwalls is our selected long-term legal partner and I have very strong trust in them.’

‘Sophia Spala has been our anchor for a number of years and always delivers high-quality results. She brings in the best colleagues to help out with specific tasks but she always oversees and ensures brilliant results. I also appreciate her warm and positive personality and we have built a strong relationship. She has offered the same support from day one when we were a very small start-up and has kept following us when we grow with high engagement. It is always fun to work with Sophia, she paints the legal work in colours! I have noticed the same personal and engaged style from many other individuals at Setterwalls as well. I believe it comes back to a great company culture and strong values.’

‘Both Sophia Spala and Emma Jarkell are very reliable and fast in their response with good depth in their knowledge.’

‘Fredrik Roos is a trusted and skilled resource.’

‘Sophia Spala is a really experienced partner who not only has great knowledge in her field but also a very business minded and helpful way of working towards us as clients. Sophia’s way of turning legally complex information into understandable ways of working and handling our personal data in our every day business really stands out.’

‘Salomeh Eftekhari is a really appreciated associate who knows how to put complex legal issues into working strategies for us as clients.’

‘The practice’s knowledge and expertise about data protection is of the upmost highest level when it comes to international questions and dependencies. They are able to support international businesses acting both inside and outside the EU. They have the strength to support the business’ needs in data protection in combination with all kind of areas and topics, like sales, marketing, HR, finance, technology and IT security. The support and received feedback is incredibly quick.’

‘We have worked primarily with Bobi Mitrovic and are very happy with his assistance. His advice is to the point and he has an understanding of the practical/business reality that the advice will be applied to. Therefore, the advice is often easy to adapt and is neither too detailed or too vague to give any real business value.’

Key clients

Stena Line AB

Novacura AB

Talentwise AB

Ford Motor Company AB

Alligator Bioscience AB

Novo Nordisk Scandinavia

Safeture AB

Ascelia Pharma AB

The Central Bank of Sweden (Sw. Riksbanken)

Work highlights

  • Acted as main adviser to Stena Line, one of the world’s largest ferry operators, on GDPR data compliance issues.
  • Advising Novo Nordisk on personal data matters, including matters relating to the GDPR compliance project for Sweden.
  • Advising the Central Bank of Sweden on several significant digitisation projects and related data protection matters.

Baker McKenzie

Baker McKenzie fields a number of data privacy and data protection experts, including co-head Peder Oxhammar, whose expertise centres around GDPR compliance at the intersection and data and IT-related issues. The group's client roster includes key life sciences companies alongside retail, electronics and defence businesses. Co-head and senior associate Jennie Nilsson recently advised various growth companies in the technology sector on complex privacy issues pertaining to facial recognition technology.

Practice head(s):

Peder Oxhammar; Jennie Nilsson


‘The combination of deep regulatory knowledge and practical advice is their major strength.’

‘I would like to take the opportunity to mention Jennie Nilsson whom I always turn to whenever I have regulatory issues/questions regarding data privacy, either for myself or clients of mine. She is always happy to help, always gives very concrete advice and is 100% reliable in terms of keeping her promises.’

Key clients

Eniro AB

KRY (Webbhälsa AB)


Indivd AB

Work highlights

  • Supporting directory service company ENIRO with a range of issues including commercial contracts, IT contracts, licensing and data privacy work.
  • Assisting KRY, (the Swedish video-based healthcare provider) with the implementation of its service across various jurisdictions including Sweden, France, UK and Spain. Issues span regulatory, data privacy and marketing law.
  • Acting for Storytel on a wide range of assignments related to its streaming services of audio books in a number of jurisdictions.

Advokatfirman Delphi

Data protection and data privacy instructions at Advokatfirman Delphi are handled by Agnes Hammarstrand and Peter Nordbeck. Regulatory compliance and incident response are points of focus, and close collaboration with the IT practice is applied to clients’ digital outsourcing, cloud-based and digital payment implementation projects. The team is also acting in notable contentious work pertaining to GDPR breaches alleged by the Swedish Data Protection Authority. The practice also leverages a suite of fixed-pricing models, which are tailored to clients’ ongoing GDPR and crisis response needs.

Practice head(s):

Agnes Hammarstrand; Peter Nordbeck


‘Excellent legal knowledge.’

‘They have a pragmatic and down-to-earth approach and view on our business issues with a strong sense for the legal solutions, tailored for daily use.’

‘Very competent on GDPR and strong on cross-border compliance issues.’

‘Agnes Hammarstrand stands out as focused, commercial and effective.’

‘Real customer-focused approach I really appreciate working with Peter Nordbeck.’

‘I have worked with the team at Delphi and they are experts and commercially minded in their advice. They are well regarded amongst their peers.’

Key clients

Swedish Church


PRI Pensionsgaranti

Addtech AB


Pleid AB

Attendo AB

Google LLC.

UNICEF Sverige

Work highlights

  • Successfully represented the Swedish Church against the Swedish Data Protection Authority in litigation before the Stockholm Administrative Court.
  • Providing legal assistance to Addtech following a major cyber attack (ransomware) involving 80 group companies throughout Europe.
  • Composed a GDPR framework for PEAB, including the mapping of processing activities, drafting of routines, processes and templates for ensuring compliance, negotiating data processing agreements with key suppliers, performing legal audits for ensuring the company group’s compliance with adopted routines and processes as well as providing  workshops/seminars for all involved employees.

Hannes Snellman

Counsel Caroline Sundberg is a key name at Hannes Snellman for data privacy and data protection issues, including cybersecurity matters, GDPR compliance projects and issues pertaining to cloud-based computing. Financial services is a sector of focus for the team, with clients instructing the group on data processing regulatory issues and the implementation of fintech solutions. Practice head Elisabeth Vestin routinely advises on the data privacy aspects of digital outsourcing mandates and commercial agreements.

Practice head(s):

Elisabeth Vestin

Other key lawyers:

Caroline Sundberg


‘The team that we worked with always delivered with great quality and always on time.’

‘They are hungry, quick thinkers, professional and good writers.’

‘Elisabeth Vestin – Our main contact. Very trustworthy and always great engagement. She has a lot of experience and great knowledge in tech and e-commerce. Caroline Sundberg – Was helping us with GDPR. We felt very confident with here great knowledge in this area. Great engagement.’

Key clients

AB Nordiska Kompaniet


SAP Svenska AB

Seeburger Group

Stockholm Public Transport

Dustin Group

Ramirent Group

Konsumentverket (the Swedish Consumer Agency)

AB Svensk Exportkredit

Beckers Group


Kindred Group

Swedish Hockey league (HockeyAllsvenskan)

Unicef Sweden

AIK Fotboll AB

Vitamin Well Group

Unicef Sverige AB

Work highlights

  • Advising Hi3G Access AB on structuring and setting up its GDPR compliance programme to secure the company’s compliance with EU’s GDPR and associated Swedish legislation.
  • Advising AB Svensk Exportkredit in several IT procurements and outsourcing projects with heavy focus on compliance with regulatory frameworks such as the EBA’s new guidelines on outsourcing and GDPR-related matters.
  • Advising Infracapital on the acquisition of a majority stake of its public charging point operator (CPO) Fortum Recharge, a pioneering charge and drive electronic vehicle charging platform.

Hellström Law

Hellström Law’s data protection team recently saw an increase in incident response mandates requiring breach notification and subsequent investigation advice. Practice head Anna Fernqvist Svensson advises a diverse client base on data processing agreements, internal due diligence and cross-border data transfers including to the US. Svensson’s expertise is also applied to sensitive negotiations regarding clients’ status as a data controller. The group's GDPR compliance knowledge was enhanced by the recruitment of associate Mina Gholiof, who has experience as an in-house data privacy coordinator.

Practice head(s):

Anna Fernqvist Svensson

Other key lawyers:

Mina Gholiof


‘I have worked with Anna Fernqvist Svensson who is very responsive and delivers good quality advice in the data protection area.’

‘Outstanding service and performance, highest knowledge and flexibility when needed. The lawyers cooperate within their different specialities in a very professional way to solve my case/cases.’

‘Anna Fernqvist Svensson exceeded my expectations and demands (that were high to start with and time-pressured), quickly understood my needs and supported with high knowledge and guided me to the right solutions for our company. Saved me both time and money.’

‘The team displays a combination of competence, accessibility, distinct legal advice and clear understanding of our business better than other firms we have come across.’

‘Anna Fernqvist Svensson stands out. She demonstrates excellent commitment, provides clear and comprehensive advice balancing local requirements and needs with corporate requirements and needs, showing true understanding of our business.’

‘Anna Fernqvist Svensson is a stable and reliable person who is always well prepared. Her subject matter expertise is first class and she is not afraid of taking the lead. Her understanding of our needs makes her a valuable consultant.’

‘The firm, and especially Anna Fernqvist Svensson, has unique knowledge and experience with data privacy/data protection rules and legislation.’

Key clients

FKP Scorpio Sverige

Work highlights

  • Acting as DPO of FKP Scorpio Sverige, assisting the company with all matters relating to data privacy and data protection.


Roschier has a dedicated data protection group spearheaded by Björn Johansson Heigis. The team has particularly notable GDPR expertise, and has recently implemented cross-border compliance regimes for high-profile corporate clients in the telecoms and healthcare sectors; it also represents clients in Data Protection Authority audits. Senior associates Johan Gerhardsson and Hanna Tilus add strength to the data elements of corporate transactions and mandates concerning high volumes of customer and patient data.

Practice head(s):

Björn Johansson Heigis

Other key lawyers:

Johan Gerhardsson; Hanna Tilus


‘I enjoy working with the Roschier privacy team. They are very skilled, always available and solution oriented. I would highly recommend this team.’

‘Knowledgeable with a pragmatic and risk-based approach.’

‘The Roschier team is always available and ready to provide both top-of-mind advice as well as in-depth analysis. Advice given is always relevant and in line with our company’s risk appetite.’

‘The practice demonstrates a high rate of availability and accessibility, great capability to provide advanced legal analysis and and goes the extra mile in providing legal advice adapted to our business. Outstanding responsiveness, communication and delivery.’

Key clients

Ontario Teachers Pension Plan

Telia Corporation

Epic Systems Corporation



Work highlights

  • Advised Ontario Teachers’ Pension Plan on its Series C round investment in KRY, Europe’s largest digital healthcare provider, including strategic legal advice related to patient data, IT security and IT systems crucial for the business.
  • Advising Telia, the Nordic region’s largest telecoms operator, on strategically important matters related to GDPR.

Advokatfirman Vinge

Nicklas Thorgerzon and Emelie Svensäter Jerntorp spearhead Advokatfirman Vinge’s data privacy and data protection group, which is a core component of the firm’s TMT practice (headed up by Eva Fredrikson and Henrik Borna). The team has a multidisciplinary approach to GDPR compliance, IT outsourcing and M&A deals, and handles compliance audits for high-profile clients across all sectors. The team has a proven track record in data breach incidents and litigation concerning data retention before the CJEU.

Practice head(s):

Eva Fredrikson; Henrik Borna; Nicklas Thorgerzon; Emelie Svensäter Jerntorp

Key clients


Consumer bank

Navex Global


Star Stable

Aller Media

ForSea AB (former HH Ferries)


Work highlights

  • Advised Santander Consumer Bank on the data protection aspects of its acquisition of Forso Nordic, a subsidiary within the Ford Motor Company group.
  • Advised Loopia AB on data protection issues in connection with its acquisition of Binero Group AB’s web hosting business in Sweden and Germany.
  • Advised risk and compliance software company NAVEX Global on data protection issues relating to its acquisition of WhistleB Whistleblowing Centre AB.

Bird & Bird

Bird & Bird handles data privacy and data protection matters in the life sciences and technology sectors, regularly involving sensitive patient data. Practice head Mattias Lindberg advises on cybersecurity and data breach compliance issues and audits; he was recently instructed by a data controller on a high-profile data breach. Other highlights include assisting with international data transfers and risk assessment reviews for telecoms clients. GDPR compliance is facilitated by the firm’s Bird & Bird Privacy Solutions product.

Practice head(s):

Mattias Lindberg


‘Bird & Bird’s extensive experience and deep legal and technical knowledge makes our process for data privacy and its protection correct, lean and very powerful. Our collaboration with Bird & Bird provides value for our customers in knowing our solutions can be trusted and compliant with the current legislation. For us there is no reason to turn to anyone else than Bird & Bird.’

‘The Bird & Bird process for adapting new GDPR regulations and practices stands out. A truly lean and efficient approach.’

‘Mattias Lindberg’s extensive experience in data privacy and its protection along with his personal skills truly strengthens our teamwork and customers’ experience. Mattias has a way to make us have full confidence and trust in this legal area.’

Key clients

3G Infrastructure Services AB

Kontakta Sverige Service AB

AB Svensk Bilprovning

RCO Security AB

Atomia AB

Åke Sundvall Byggnads AB

Contiga AB

HeidelbergCement Sweden AB

The First Swedish Pension Fund (Första AP-fonden)

The Third Swedish Pension Fund (Tredje AP-fonden)

The Fourth Swedish Pension Fund (Fjärde AP-fonden)

Work highlights

  • Handled all drafting issues and negotiations for AB Svensk Bilprovning (the Swedish Motor Vehicle Inspection Company), as well as other strategic and legal considerations relating to the procurement of all its customer communications in both physical and digital channels.
  • Engaged by Åke Sundvall Byggnads AB (a construction and property management company) on a digital journey into building smart buildings.
  • Advising RCO Security on all legal matters in relation to its ongoing business activities.

Advokatfirman Fylgia KB

Stand-out data privacy mandates for Advokatfirman Fylgia KB’s technology and IP desk saw practice head Martin Gynnerstedt advising Swedish data processors on sensitive risk assessments for nationwide IT rollouts. The group also has a focus on providing regulatory advice pertaining to tracking technologies, big data and Internet of Things matters. The team conducts full GDPR compliance projects in a range of sectors, particularly the construction, engineering and technology industries, and is well placed to handle GDPR audits.

Practice head(s):

Martin Gynnerstedt


‘Availability and engagement of both partners and associates is excellent! Very valuable to get this attention. They are excellent in doing the best for the customer’s business benefit based on legal aspects.’

‘Fylgia are the go-to firm in Sweden for technology law and data protection issues. They have unique expertise in the field of privacy and data protection. They are highly responsive and are capable of tackling a whole range of legal issues dealing with technology and privacy.’

‘Martin Gynnerstedt is a real expert in data protection law. He is a highly skilled lawyer and extremely reliable. He demonstrates in-depth understanding of complex data protection issues.’

‘Fylgia has been great at understanding the business model we operate in and the types of contracts and legal advice that we need that is specific to our business and catered their services to this. The advice that we have received has been spot on for the type of challenges that we face and has helped us solve complex legal issues efficiently. They take a pragmatic approach set in reality and give guidance on the pros and cons of different approaches to meeting the legal requirements of new legislation.’

‘We have primarily worked with partner Martin Gynnerstedt at Fylgia. Martin has the rare capability to really understand complex, new legal legislation and challenges and strip them down to their essence so that they can be addressed in an efficient and effective manner. He is always available, owns problems and takes responsibility to deliver a solution.’

‘The team always suggests innovative solutions to complex problems.’

‘Martin Gynnerstedt contributes with exceptional knowledge and skill in the matters that I have worked with him. It is a true pleasure to work together with a person that has in-depth knowledge of the area of the expertise that you are in the need of. Delivers always on time and with outstanding quality.’

Key clients


Funnel AB

Mavenoid AB

Snowfall AB

Egencia Sweden AB

SEB Pension & Försäkring AB

Skandinaviska Kreditfonden AB

QuickSpin AB

Fieldfisher LLP

Hogan Lovells International LLP

HH Partners OY

Work highlights

  • Advised ID06 AB on several legal risk assessments concerning data privacy and data protection relating to the development of new IT services for the construction industry.
  • Advised Egencia Sweden AB on agreement negotiations, in which data privacy and data protection concerns were a strategic part of the negotiations.
  • Advised Funnel AB regarding data privacy and data protection matters in regards to its SaaS offering to the market.

Kompass Advokat

Kompass Advokat's data privacy practice advises a client portfolio comprised of financial services, e-commerce, trade union and public sector clients. Co-head Anna Lööv is highly experienced in advising on issues relating to processing and retaining patient data, while fellow co-head Anna Karin Pettersson is noted for her GDPR knowledge and acts as DPO for a diverse array of clients. Senior associate Karin Schurmann is also a core member of the team.

Practice head(s):

Anna Lööv; Anna Karin Pettersson

Other key lawyers:

Karin Schurmann


‘They are easy to work with which is very important. This firm really provides practical advice tailored to the business. Their advice has proven to be very useful in the long run and has given us successful tools to work with in a very good way. They have delivered accurate, high-quality advice, both at the level of detail and with a helicopter perspective. It can be seen that several of the individuals working at the firm have experience of working in the business.’

‘Their advice is very hands-on and also includes tools for implementation. They have been at the forefront when it comes to having an open dialogue when setting the scope of the assignment. They have put effort into understanding our needs and expectations and helped us to prioritise and set the scope. It has been a collaboration. They have been very transparent when it comes to estimates and billing. We have appreciated open discussions on how their advice can provide the greatest benefit for us.’

‘Kompass Advokat builds a long lasting and rewarding relationship by continuously offering interesting seminars, creating qualitative networks, and by giving proactive and informative updates in case of legal changes. Anna Lööv has substantial experience within her expertise areas and brings innovative and proactive advice. She is present, committed and responsive.’

‘The lawyers Anna Lööv and Karin Schurmann are accomplished within the legal areas that we use them i.e. GDPR compliance and cybersecurity. They understand perfectly what type of help we need and when. They had no problem adjusting to our interaction level and have easily met our expectations.’

‘Anna Lööv and Kompass Advokatbyrå established an all female data privacy network for women working in Stockholm and active in the privacy field. The network has shown a success with growing numbers of members and it is considered very valuable as a scene for discussing legal and practical challenges within the privacy field.’

‘Anna-Karin Pettersson – has comprehensive knowledge of data protection and data privacy and the ability to clarify and ‘concretise’ the everyday challenges for businesses within this area and come up with short-term and long-term practical and hands-on solutions.’

‘The team has strong collaboration and a culture where all ideas and discussions are welcome. The workplace in general has a culture that is very rare within law firms, where everyone is treated like equals, are fairly and generously compensated, and work-life-balance is not just a goal but a reality. This results in engaged and alert co-workers who like their job, and this shows in the work results. They genuinely care about delivering top-class advice to clients.’

Key clients

JUC Sverige – filial

Livförsäkringsaktiebolaget Skandia, ömsesidigt

S R Intelligence AB

SFF Försäkringsutveckling AB

PO Söderberg & Partner AB

Dina Försäkring AB

Gränges AB

Hannover Re /HDI Global Specialty SE, Swedish branch

Nordea Livförsäkring Sverige AB

Svedea AB

W. R. Berkley Insurance AG, Swedish branch

Allianz Global Corporate & Specialty Filial Sweden

Gar-Bo Försäkring AB


Dometic Group AB

Movestic Livförsäkring AB

Work highlights

  • Assisted with designing and drafting Skandia’s privacy policy for customers, suppliers and other registered individuals.
  • Appointed as external DPO and provided extensive assistance during PO Söderberg & Partner’s GDPR compliance project.
  • Appointed as external DPO and conducted numerous impact assessments in connection with Health and Sports Nutrition Group’s implementation of new systems.

Advokatfirman Lindahl KB

Advokatfirman Lindahl KB’s data privacy and data protection practice has a sophisticated client base which includes medtech, life sciences and pharmaceuticals companies, alongside mid-market start-ups. Practice head Gabriel Svedberg advises on issues pertaining to sensitive patient data, GDPR regulations, data processing activity and outsourcing and M&A transactions.

Practice head(s):

Gabriel Svedberg


‘High skills, strong competence within the organisation and lengthy experience within privacy law.’

‘Gabriel Svedberg has a unique ability to familiarise himself with difficult questions and to suggest suitable solutions. His recommendations for how we should live up to the GDPR law have been crucial for our business. He and his strong team are also extremely professional and always provide quick feedback.’

‘Truly flexible and pragmatic. All responses delivered very quickly with high levels of attention. Very warm people with helpful attitudes and heart.’

Key clients

Philips AB

Axis Communications AB

Affibody AB

Thermo Fisher Scientific Inc.

Berling Media Group

Viedoc Technologies AB

Fastator Group (Aktiebolaget Fastator, Nordic PM AB and Offentliga Hus i Norden AB)


Amra Medical AB

Work highlights

  • Advising Philips on various data protection matters.
  • Advising Affibody on various data protection matters.
  • Advising Axis Communications AB, a leader in network cameras and other IP networking solutions, on data protection matters relevant for a global IT company.

Magnusson Advokatbyrå

At Magnusson Advokatbyrå, the full scope of GDPR-related matters are handled by Helena Rönqvist and Caroline Landerfors, who jointly lead the data privacy and data protection practice. Recent instructions involved internal audits, policy drafting issues and impact assessments. The group also advises on the regulatory elements of data processing activity for clients operating in the insurance, medtech, retail and public sectors.

Practice head(s):

Helena Rönqvist; Caroline Landerfors

Key clients


Quanterix Corporation

Analysys Mason

ICA Försäkring

Work highlights

  • Assisted ICA Försäkring, a Swedish insurance company owned by the ICA Group, with various data protection matters, including reviewing and revising privacy notices, data protection agreements and legal analyses of privacy issues.
  • Advised Quanterix Corporation, listed on NASDAQ, on its acquisition of UmanDiagnostics, a world leading neurofilament light antibody supplier.

Morris Law

Morris Law fields a number of data privacy and data protection experts, including practice head Siri Mårtensson and Henrik Almström. The team focuses on GDPR implementation projects and also provides transactional support. The group is highly experienced in the life sciences and medtech sectors.

Practice head(s):

Siri Mårtensson

Other key lawyers:

Henrik Almström

Key clients






White Arkiteker

Yellow Brand Protection

Campadre Scandinavia

G-Star RAW

New Wave Group

Work highlights

  • Advising White Arkiteker on IP, IT, data protection, GDPR, commercial and other legal matters in Sweden, with a focus on increasing its international business.
  • Advising a healthcare provider on various IT and data protection-related matters, and assisting the client with an inspection from the Swedish Data Inspection Board.
  • Advising a healthcare provider on patient data-related matters.