Data privacy and data protection in Sweden
Cirio Advokatbyrå AB
Cirio Advokatbyrå AB’s Caroline Olstedt Carlström is a leading name in the Swedish market for data privacy and data protection work and acts as data protection officer for high-profile banks, stock markets, trade unions, IT suppliers and other data processors. The team regularly provides comprehensive advice on GDPR implementation and compliance issues and also assists with the handling of sensitive data on outsourcing projects, M&A transactions and the implementation of clients’ e-commerce platforms and digital services products. David Frydlinger is also a noted name in the field.
Practice head(s):
Testimonials
‘Caroline Olstedt Carlström is one of Sweden’s most prominent privacy lawyers. Her team has great legal experience and genuine business understanding.‘
‘Cirio, headed by Caroline Olstedt Carlström, is doing a very good job in the Swedish market and is probably the market leader.‘
‘Caroline Olstedt Carlström’s business understanding is what really separates her from being not just another legal expert. When we face difficult situations she always takes a business approach.‘
‘Caroline Olstedt Carlström stands out in the firm and in the market.‘
Key clients
Microsoft
Viking Line
ICA
Klarna Bank
Nasdaq
Dustin Group
Tink
Bankgirocentralen
UC/Asiakastieto Group
Riksidrottsförbundet (The Swedish Sports Confederation)
Kompetensföretagen
FASAB (Service organisation to six trade unions)
Work highlights
- Advised FABAB (a trade union administrator holding vast amounts of data) on assessments regarding data control and internal data flows.
- Acting as data protection officer for Klarna Bank and advising on data protection impact assessments, security incidents and internal governance.
- Advising Bankgirot on data privacy matters pertaining to its outsourcing of IT operations to Evry.
DLA Piper
With a long established practice in data privacy and an extensive global client base, DLA Piper is well-placed to handle the full suite of data issues including large-scale data processing applications, GDPR implementation and compliance work, cross-border data sharing matters and representation before the Data Inspection Board. Clients praised the firm’s provision of innovative tools and apps which help facilitate daily data privacy and protection requirements. Practice head Johan Sundberg is also part of the firm’s market-leading employment practice, and is well-placed to assist with employee data mandates.
Practice head(s):
Testimonials
‘DLA Piper has a sound business understanding and has created many tools to simplify and enhance the implementation of complex matters, which in turn enhanced our level of compliance.‘
‘Johan Sundberg’s team has a unique business understanding of their clients and how to make privacy a business enabler in a wide range of situations.‘
Key clients
ICA Gruppen
ICA Sverige
ICA Handlarnas Förbund
Apotek Hjärtat
ICA Banken
AFA Försäkring
PwC Sweden
Wallenius Marine
Pfizer
Swedbank
GE
Klarna Bank
Svensk Handel
Svensk Fastighetsförmedling
Swedbank
BNP Paribas Bank
SKL Kommentus
LIF
Work highlights
- Advising on the full range of data processing activities for GE and acting as DPO for a number of its subsidiaries.
- Assisted Svensk Handel with the drafting of sector-wide guidelines concerning the handling of personal data under GDPR in consumer loyalty schemes.
- Advising AFA Försäkring on all data privacy issues linked to its preparations for, and implementation of, GDPR measures.
Advokatfirman Kahn Pedersen KB
The highly praised team of data protection and data privacy professionals at Advokatfirman Kahn Pedersen KB provides advice on the full spectrum of issues relating to GDPR, data sharing with third parties, data processing contracts and outsourcing issues. Stand-out individuals including practice head Johan Kahn, Daniel Lundqvist and senior specialist Martin Brinnen are advisors to high-profile insurance firms, public bodies, IT companies, financial institutions, online advertising platforms and retailers. The group also leverages the firm's wider IT expertise and is a go-to name for matters relating to the data protection aspects of cloud computing operations and digitalisation projects.
Practice head(s):
Testimonials
‘Quick, agile and professional.‘
‘The team offers value-driven advice appropriately adapted to the client’s size and needs.‘
‘Kahn Pedersen is clearly the leading firm for IT and data protection in Sweden. It is indeed a highly specialised practice which would never be in the shadow of any other practice groups such as could be the case with full-service firms. I would like to emphasize the firm’s deep legal knowledge, negotiation skills, solutions-oriented drive and creativity.‘
‘A pragmatic and down-to-earth team that is really nice to work with.‘
‘Young, fast and unpretentious.‘
‘Daniel Lundqvist has a hands-on approach, is alert and available.‘
‘Johan Kahn has a constructive and highly skilled way of dealing with challenging situations.‘
‘Daniel Lundquist is a great negotiator and has the ability to structure and manage complex projects in a very efficient and successful manner.‘
‘Martin Brinnen is extremely knowledgeable when it comes to data protection issues. His long experience with the supervisory authority clearly makes him the leading data protection expert in Sweden.‘
‘Martin Brinnen has an unusually deep experience in the data protection field, having a background working at the supervisory authority. His combination of knowledge in the data protection field as well as the experience from drafting legislation was of great value to us. He delivered quality results in a very effective way, and was always responsive to our needs.‘
Key clients
Länsförsäkringar AB
Getswish AB
Svensk Handel Juridik
Nordic Growth Market AB
Fortum Group (including Stockholm Exergi)
Landshypotek Bank AB
Munters AB
Unionen
Akelius Residential Properties AB
Midroc Europe AB
Vossloh Group
Work highlights
- Advised leading insurance company Länsförsäkringar on its large-scale GDPR project.
- Advised Setswish, a provider of digital payment solutions, on data protection issues relating to sourcing procedures and service design.
- Advised Midroc Europe on GDPR implementation work, data sharing issues, processing agreements and online marketing matters.
Mannheimer Swartling
Mannheimer Swartling is a prominent name in the field of data protection and privacy under the leadership of corporate sustainability and risk management group head Erica Wiking Häger. Alongside advice on the full scope of GDPR compliance work including implementation strategies and policy work, the team also assists multinational clients with cross-border data sharing and cybersecurity issues, breach prevention strategies, data processing agreements and matters relating to the use of facial recognition techniques. Clients regularly originate in regulated sectors including the financial services and telecoms industries; other key sectors include the healthcare, life sciences, retail, automotive and digital media arenas. Niklas Sjöblom leads the Gothenburg-based team.
Practice head(s):
Testimonials
‘Erica Wiking Häger is excellent.‘
‘Erica Wiking Häger is an excellent lawyer – responsive, solutions oriented and extremely knowledgable.‘
‘Erica Wiking Häger is exceptionally knowledgeable in GDPR and brings an expertise to the table which combines compliance and privacy.‘
‘Erica Wiking Häger is super good – very efficient and practical!‘
Key clients
Hexagon
Northvolt
SAS
Loomis
Castellum
Novamedia
Work highlights
- Assisted cash-management company Loomis with its GDPR implementation project.
- Advised real estate company Castellum on its GDPR compliance strategy.
- Assisted electronics company Hexagon with designing and implementing a global data protection compliance programme.
Setterwalls
Setterwalls is an established name for data privacy and data protection matters and advises a client roster of domestic and international corporates on the full scope of issues. Noteworthy instructions for Fredrik Roos, Jörgen S. Axelsson and specialist counsel Bobi Mitrovic involve privacy matters pertaining to the design and usage of e-commerce platforms and other technology systems. Marcus Svensson is a go-to name for GDPR compliance work for life sciences and medtech clients handling patient data. The team also has expertise in blockchain-related data work.
Practice head(s):
Testimonials
‘Pragmatic and to the point with a practical, balanced view.‘
‘Easy to get in touch with. They helped us with our GDPR project in a very competent way.‘
‘Fredrik Roos is an excellent support- he is my main go-to person for most issues and he has a great track record in getting new associates up and running quickly.‘
‘Fredrik Roos and Bobi Mitrovic gives quick and competent answers.‘
‘Setterwalls has a knowledgeable and committed team helping us with our different GDPR questions. They do the work in an efficient and trustworthy which we are very satisfied with.‘
Key clients
Mapillary AB
Safeture AB
Novo Nordisk Scandinavia AB
Alligator Bioscience AB
Harvey Nash
Trustly Group AB
Volvofinans Bank AB
Ford Motor Company AB
Health and Social Care Inspectorate
Meniga Sweden
Work highlights
- Carried out a global GDPR project for Harvey Nash.
- Advising Alligator Bioscience on its GDPR compliance issues including matters relating to the processing of personal data in clinical studies.
- Advised security services provider Safeture on its GDPR project including drafting a data protection impact assessment.
Baker McKenzie
Peder Oxhammar and associate Jennie Nilsson lead on Baker McKenzie’s data privacy mandates, with noteworthy recent examples involving providing cross-jurisdictional support on implementing clients’ digital services and products, which involve high levels of user data; the team also provides general GDPR regulatory assistance. The diverse client base encompasses names from the retail, automotive, home appliances and healthcare sectors.
Practice head(s):
Testimonials
‘Provides expertise, pragmatism and attention to a clients’ needs.‘
‘Jennie Nilsson is practical and hands on, with a solid understanding of the business needs as balanced against compliance requirements in what is still an uncertain field.‘
Key clients
ENIRO AB
KRY (Webbhälsa AB)
Storytel
Work highlights
- Advising e-doctor platform KRY on the implementation of its services across Europe, which involves regulatory and data privacy issues.
- Advising Storytel (a streaming platform for audio books) on its data privacy issues.
- Providing data privacy guidance to directory platform Eniro.
Advokatfirman Cederquist KB
An extensive list of corporate clients from the financial services, insurance, construction and medtech sectors instructs Advokatfirman Cederquist KB on a range of data privacy and data protection issues. Practice co-heads Johanna Linder and Malin Allard advise on GDPR implementation projects and ongoing compliance support issues, data processing agreements, data breach responses and the use of user data for marketing and advertising purposes; associate Isabelle Emanuelsson regularly assists with the latter.
Practice head(s):
Testimonials
‘All individuals are exceptional in their own way, the leadership seems to be good and you can tell that the firm is an employer where people genuinely like to work.‘
‘Johanna Linder is incredibly intelligent and has an eye for talent.‘
‘Sara Andersson is a true talent with extraordinary capacity.‘
‘Isabelle Emanuelsson builds trust like no counsel I have met.‘
‘Matilda Sanfridson brings much energy into the assignment.‘
‘Provides fast, pragmatic and hit-the-ground-running advice.‘
Key clients
PostNord AB
Lantmännen ek för
Bonnier Broadcasting
Skanska Fastigheter
Föreningen Svensk Elitfotball
Mr Green & Co.
Elekta AB
BillerudKorsnäs AB
Björn Borg AB
Bonava AB
Acast AB
GG Entertainment AB
Work highlights
- Assisting agriculture company Lantmännen Group with its GDPR compliance relating to digital marketing based on user data.
- Assisting PostNord, which retains data of the entire Swedish population, with maintaining compliance with GDPR.
- Planning and structuring Skandia Fastigheter’s GDPR compliance project.
Advokatfirman Delphi
Agnes Hammarstrand is Advokatfirman Delphi’s go-to data privacy expert and leads the Gothenburg-based team, which advises on GDPR compliance work, data processing issues, online expansion matters and the privacy elements of IoT services. A substantial number of retailers feature on the group's client list, which also includes construction companies, student services businesses and car manufacturers.
Practice head(s):
Hannes Snellman
Hannes Snellman provides data privacy and protection expertise to clients across the financial services, telecoms, media and public sectors. Practice head Elisabeth Vestin is particularly praised for her analysis of data protection risk related to the procurement of cloud computing, IT systems and e-commerce platforms. The team also handles the full scope of GDPR assistance from implementing compliance programmes to reviewing internal policies and procedures.
Practice head(s):
Testimonials
‘Working together with Elisabeth Vestin always creates the impression of working with an internal colleague. She is advising on a highly professional level, but at the same time, always argues down to earth and calmly while having our business interests in focus.‘
‘The team has deep knowledge within the legal field of data protection and privacy legislation. They are also quick to understand what issues are critical to us as a client and provide legal advice based on our specific requirements as we work in a highly policy-driven environment.‘
‘Elisabeth Vestin and Anna Ribenfors are standout. They are highly knowledgeable within their fields of expertise and have, what I find essential, in-house legal experience. This means that the legal advice provided is presented in a format which makes it easy for me to understand the key issues.‘
Key clients
Hi3G Access AB
SAP Svenska AB
Seeburger Group
Card Group
Ramirent Group
Work highlights
- Structured and established a GDPR compliance programme for telecoms operator Hi3G Access.
- Advised Swedish public entity Kammarkollegiet on Cloud Act and GDPR compliance issues applicable to the use of a web-based office suite.
- Assisted Card Broup International with its GDPR compliance programme.
Roschier
Roschier’s data protection practice counts notable IT, media, technology and telecoms clients on its roster. The group is headed up by Björn Johansson Heigis and handles large-scale GDPR programmes and provides ongoing support on data breaches, data processing agreements and audits. A number of senior associates including Johan Gerhardsson, Hanna Tilus and Emmy Petterson assist across all mandates including M&A and outsourcing transactions involving sensitive customer data.
Practice head(s):
Key clients
Telia Corporation
Epic Systems Corporation
PayPal
Bonnier News
Work highlights
- Advising Telia on all matters relating to GDPR including conducting a readiness audit covering the company’s functions and jurisdictions.
- Advising Epic Systems on the handling of sensitive patient data for the delivery of IT projects.
Advokatfirman Vinge
At Advokatfirman Vinge, Henrik Borna is co-head of the TMT practice and advises on GDPR implementation and compliance issues and the processing of personal data. Fellow co-head Eva Fredrikson is a key name for commercial agreements, and Nicklas Thorgerzon, who co-manages the data privacy and data protection practice with Emelie Svensäter Jerntorp, handles data privacy projects for domestic and international clients. The team has recently advised clients from the telecoms, publishing, media, financial, security, retail and technology sectors.
Practice head(s):
Key clients
Tele2
Ellevio
Mastercard
Ambea AB
Aller Media
ForSea AB (former HH Ferries)
Loopia
Work highlights
- Advised Tele2 on the data protection aspects of its merger with Com Hem.
- Assisted Mastercard with the data elements of its cooperation with P27 Nordic Payments Platform relating to the establishment of the infrastructure for a new joint payment system in the Nordics.
- Advised Ellevio on the data aspects of a public procurement relating to the supply of smart electricity meters.
Advokatfirman Westermark Anjou AB
At boutique firm Advokatfirman Westermark Anjou AB, group co-head Karolina Pekkari is a noted GDPR specialist who, with fellow co-head Johan Åberg, assists a diverse array of clients with their implementation processes. The team also provides ongoing support on regulatory compliance work and advises on data processing operations for businesses in the mining, engineering, IT, media, real estate and e-commerce sectors.
Practice head(s):
Testimonials
‘Very good business understanding gave us a very smooth and efficient process of implementation.‘
‘Cost efficient and hands-on advice in GDPR matters.‘
‘Professional and client oriented.‘
‘A highly competent and available team. A good number of specialists divided on different areas of expertise with a clear chain of command. Quick response on questions and issues.‘
‘Karolina Pekkari stands out for her clear and concise advice on data privacy matters and her good understanding of how to present things in a way which will be understood by the business. She is a likeable person who you want to call when you need advice or need to discuss a data privacy matter.‘
‘We always felt that whether a small errand or big project, the service and engagement were of the same high level.‘
‘I found Karolina Pekkari to be very attentive to the client’s problems and challenges and able to manage complex and critical issues under a heavy time pressure while constantly presenting deep knowledge within the field of data protection and general legal matters. Further, me, my team and the client highly appreciated her good cooperation skills and her ability to explain the most complex applications of GDPR in a practical and useful way which in turn facilitated the project process. I consider Karolina Pekkari to be a highly professional solicitor who I would strongly recommend and hopefully will find an opportunity to work together with again.‘
‘Karolina Pekkari provides efficient, good advice and knowledge of our sector.‘
‘Johan Åberg always gives us professional consultation on all our questions regarding GDPR.‘
‘Johan Ãberg’s understanding of the GDPR framework and how to adapt our procedures to it is unmatched on the Swedish market. This paired with an understanding of our business and our business requirements makes him an excellent adviser to us.‘
Key clients
Boliden AB
IBM Svenska AB
Delivery Hero Sweden AB
BRIS
Work highlights
- Implemented and provided advice to mining company Boliden on its cross-border GDPR programme.
- Advised IBM Svenska AB on the implementation of GDPR.
- Advised Delivery Hero Sweden on the implementation of GDPR.
Bird & Bird
Data privacy mandates for Bird & Bird’s clients are handled by commercial practice head Mattias Lindberg, who recently joined from Affärsadvokaterna i Sverige AB to expand the firm's expertise. The team is handling GDPR compliance projects, data processing agreements and cross-border data sharing issues for clients in cutting-edge sectors including the fintech, medtech and life sciences industries. As an integrated offering with the firm's corporate and commercial practice, the group also routinely advises on data privacy issues arising from M&A transactions.
Practice head(s):
Key clients
AB Svensk Bilprovning
Tredje AP-fonden
Aleris X
Kontakta
RCO Security AB
Åke Sundvall Byggnads
Atomia AB
Orio AB
Omnicom
Work highlights
- Providing strategic advice to Aleris X on the handling of personal data under GDPR for its web-based patient programme.
- Negotiated data processing agreements for Åke Sundvall Byggnads’ customers and clients, as well as advising on the full scope of GDPR compliance.
- Advising automotive company Orio on its GDPR compliance implementation project.
EY Law
David Ericson is a noted GDPR expert who, with Anna Byström, leads EY Law’s data privacy and data protection work as joint heads of the digital law practice. The team focuses on GDPR implementation and compliance projects and also handles training sessions, drafts data processing agreements and advises on data breaches. The client base includes banks, digital education platforms, recruitment companies, insurance firms and other companies with substantial personal data usage.
Practice head(s):
Key clients
Barilla Sverige AB
Actic Group
Jurek Bemanning
DigiExam Solutions
Sweden AB
Nordnet Bank
Work highlights
- Advising on GDPR compliance for Barilla Sverige as the client’s appointed data protection officer.
- Assisted recruiting agency Jurek Bemanning with the assessment and implementation of GDPR including conducting workshops and drafting relevant privacy policies.
- Advised Actic Sverige on the transfer of data following a company acquisition.
Magnusson Advokatbyrå
Magnusson Advokatbyrå’s data privacy and data protection mandates are handled by Helena Rönqvist and Caroline Landerfors. The team’s expertise includes drafting data processing agreements for sensitive patient and customer data, advising on internal GDPR audits and the necessary policy drafting, and assisting with data protection impact assessments. The client roster includes names in regulated sectors including the pharmaceuticals, healthcare, insurance and financial services industries.
Practice head(s):
Key clients
Aon Sweden AB
ICA Banken AB
Work highlights
- Providing ongoing GDPR compliance advice to ICA Banken.
Morris Law
The group at Morris Law includes Jonas Toll and senior associates Henrik Almström and Siri Mårtensson, who provide the firm's client roster with data privacy and data protection support including transactional advice and guidance through the GDPR implementation process. The team also assists with auditing existing internal policies and advises on regulatory compliance.
Practice head(s):
Testimonials
‘The data privacy team at Morris Law has provided good support and advice in all matters they have been entrusted with a business-focused approach.‘
Key clients
White Arkitekter AB
Yellow Brand Protection AB
Campadre Scandinavia AB
G-Star RAW C.V.
New Wave Group AB
Work highlights
- Provided GDPR compliance advice on Yellow Brand Protection’s sale to Corsearch.
- Assisted White Arkitekter with managing personal data questions and GDPR compliance.
Synch Advokat AB
The data protection team at Synch Advokat AB advises on full-scale GDPR compliance and implementation projects, personal data transferals and data processing agreements for cutting-edge clients across the IT, consumer electronics, digital media, life sciences and retail sectors. The team has recently expanded with the addition of Gunilla Modén and associate Dena Dervanović from in-house roles, who bring extensive expertise and advise clients on data breaches, impact assessments and internal audits. Mathilda Nordmark heads up the practice.
Practice head(s):
Testimonials
‘The team is ambitious and has good knowledge of the subject matter.‘
Key clients
Samsung
Electronics Nordic AB
Industrial and Financial Systems AB
Capgemini Sverige AB
Sogeti Sverige AB
Collective Minds Radiology AB
Resurs Bank AB