Data protection and processing of personal data

All companies and organizations process personal data to some degree during the course of their operations. For instance, this may relate to information concerning customers, members, employees or other categories of persons, or that the personal data is processed in connection with the provision of a service on behalf of a third party. 

On 25 May 2018, EU’s General Data Protection Regulation (GDPR) started to apply. The new Regulation is a comprehensive set of rules concerning data protection in respect of natural persons’ personal data and shall, as a main rule, be applied by all companies and organizations which have their registered office within the EU or which, somewhat simplified, process personal data relating to natural persons within the EU. 

Rules governing how personal data shall be processed are nothing new per se, but the EU’s General Data Protection Regulation has introduced more stringent requirements and extended rights for data subjects. The General Data Protection Regulation also provides a possibility for supervisory authorities to impose significant fines against companies that do not fulfil the requirements set forth in the General Data Protection Regulation. The processing of personal data is not a specific area of operations which only certain companies or organizations carry out, but rather it is something that all do to some extent. We have extensive experience in examining the operations of companies and organizations and their processing of personal data from a data protection perspective. We perform, among other things, client‑adapted analyses of ongoing and new processing and can thereafter recommend a bespoke action plan for how the General Data Protection Regulation’s requirements should be complied with in practice. In this way, we can ensure that your specific needs are met. 

We also assist, among other things, in relation to: 

• Preparation of policies and information to data subjects
• Procedures in order to fulfil the rights of data subjects, e.g. data portability and the right to be forgotten
• Procedures for procuring and verifying consent
• Preparation of personal data assistant agreements and contract negotiations
• Advice in relation to international transfer of personal data
• Impact analyses in relation to data protection
• Security issues
• Designation of a data protection officer and support to the data protection officer
• Advice and preparation of documentation in conjunction with personal data incidents
• Processing of personal data in connection with share transfers and asset transfers
• Disputes and proceedings relating to the processing of personal data

New guidance on the application of this area of the law is constantly being provided by supervisory authorities and pursuant to case law from courts at both EU and national level and we are constantly working to keep abreast of developments.

Vinge has high competence within the area of data protection, privacy protection and processing of personal data and has assisted many Swedish and international clients in connection with analyses and development of procedures, policies, agreements, etc., within this area. Our specialists are often engaged in data protection projects and have extensive experience in advising clients within a wide range of industries. Vinge also offers training for personnel and management teams within the area of personal data processing and data protection.

Please feel free to contact us if you wish to discuss your needs in respect of data protection.

What the ranking organisations say

‘Vinge’s data privacy team is small but very experienced and responsive.’

‘Great value add and always good at balancing the different conflicting interests in the business.’

‘The Vinge team provides adapted advice and will always listen to and understand your issue.’ Legal 500, 2023