We offer an experienced team of specialists who know what is needed in order for your company to comply with relevant legal requirements without losing track of your core business. We assist in supervisory matters before the Swedish Supervisory Authority, Datainspektionen, and if a dispute has arisen between your organisation and a data processor we assist both in negotiations and with litigation should it prove necessary. We work on a daily basis with the preventive work of finding the most practical methods and procedures to ensure that our clients’ management of personal data complies with applicable statutory requirements while still being practical and usable within their specific organisation.

Together with our well selected collaboration partners within data security, IT forensics, media/PR etc. we take care of clients who have suffered data breaches. With our Cyber Incident Desk manned around the clock, we are always available and take a holistic responsibility for the response to the breach. As part of this holistic response, we act as Incident Managers, on or off site, and ensure that all aspects are taken care of, such as for example the IT security work related to containing and minimizing the damage, contacts with media/PR consultants when and if necessary, as well as handling of all the legal questions that arise during and in connection with a data breach.

We offer full support for you and your company within all questions relating to personal data protection that may arise in the course of your daily business. We provide quality checks of your ongoing data protection compliance and provide answers to your legal questions based on your company’s practices and particular situation in order to secure your internal handling of personal data.

Our lawyers have experience in drafting all kinds of internal documentation that is needed to comply with the GDPR and other statutory requirements. We always make sure that the provided documentation, guidelines, policies etc. is tailored for your specific organisation and business and are attentive to you challenges and possibilities.

We offer full and complete analysis of your current compliance levels with regards to the GDPR and other applicable rules and regulations.


The purpose of a GAP-analysis is to evaluate how well your organisation is complying with the requirements set forth in the GDPR and other legislation and to offer assistance with any actions deemed necessary, all the while making sure that your core business and operations are not adversely affected.


Following the initial GAP-analysis, we will provide you with a detailed action plan that is tailormade for your organisation’s particular needs and challenges.


Transparency and understanding of which areas need to be prioritized and what actions need to be taken is a great first step to achieve compliance. A documented analysis of the organisation’s compliance is also a good basis for the organisation’s management when allocating resources.

We offer tailormade, interactive lectures and seminars on GDPR and data protection in general. Our experts are frequently appointed to hold lectures and seminars regarding topics ranging from basic GDPR knowledge and application to more advanced topics such as for example, how to best deal with a personal data breach.


Our seminars are always individually tailored to your company and the challenges and opportunities you meet within your organisation. We also offer more in-depth courses where we collaborate with our business partners within data security, IT forensics, media/PR specialists etc.

As the GDPR has entered into force, the rights data subjects have been strengthened in relation to the companies and organisations processing their personal data.


If a data subject chooses to exercise any of the rights afforded them by the GDPR, the organisation that is the controller for the relevant personal data normally has 30 days to respond to, and oftentimes comply with, such a request.


In addition to the demands this puts on the organisation’s internal structure and IT systems, there are also demanding legal assessments to be made.


The rights afforded to data subjects are not absolute and your company must carry out its own evaluation if and how a request from a data subject will be answered and complied with.


We at Norelid Advokatbyrå deal with these issues daily and can provide assistance both with the drafting of internal routines and other preparatory work as well as with support and assistance when a request from a data subject to exercise their rights has been received by your organisation or one of your processors.

According to the GDPR, all organisations are, as a general rule, required to notify the supervisory authority of a personal data breach within a very short timeframe. Under certain circumstances the company responsible for the processing of the personal data also has an obligation to inform the affected data subjects.


Our 24-7 Cyber Desk is available whenever needed and we often act as Incident Managers, both on and off site. Together with our carefully chosen collaboration partners, we manage all aspects of a breach such as for example the IT security work related to containing and minimizing the damage, contacts with media/PR consultants when and if necessary.


Of course, we also assist our clients with advice and recommendations in legal matters that arises in connection with data breaches, such as for example whether a suspected incident needs to be reported to the supervisory authority, Datainspektionen, how such a notice should be formulated and drafted, and if and how the data subjects affected by the breach shall be informed about the incident.


Furthermore, we assist our clients with drafting of internal documentation and with project management and coordination to ensure that the pre-requisites to minimize the risk of future incidents and to reduce the negative effects if after all an incident occurs.

Our lawyers have many years of experience of assisting clients in court proceedings and in front of supervisory authorities in regulatory matters, as well as in commercial litigation. Additionally, we are experienced in and are often asked to assist as counsel regarding risk- and crisis management.


If your company is being subject to an inspection by the Swedish Supervisory Authority, Datainspektionen, or if a dispute has arisen between your company and a data processor, our lawyers have the experience and expertise necessary to assist you.


Susanna Norelid

Managing Partner, Lawyer
+46 733 74 40 52

Levi Bergstedt

Senior Associate, Lawyer
+46 733 74 40 56

Marcus Appeltofft

+46 733 74 40 53