Mannheimer Swartling’s Data Privacy team advises on data protection, privacy and information security. The team has extensive experience of the General Data Protection Regulation (GDPR) and supplementary legislation in this area. Our lawyers are well acquainted with best practice and handle regulatory issues, transactions and supervisory matters on a daily basis.

Data privacy affects all areas of a business. We often work with the firm’s other specialists to provide a complete and tailored response to each client and engagement. For instance, we regularly work with the firm’s Healthcare and Life Sciences group on managing personal data in the health and medical sector, with the Banking and Finance group in assessing data protection aspects of financial institutions and fintech companies. and with the firm’s Technology lawyers on information security, outsourcing and IT.

Personal data often forms an integral part of a company’s business model and a significant proportion of its value. We regularly assist the firm’s M&A lawyers in reviewing how companies manage personal data in large and complex transactions.

Data protection plays an increasingly prominent role in the global business environment. Our work is very often international, and we regularly lead global teams with lawyers from our overseas offices or from other overseas law firms expert in data protection.

A selection of our services

  • Compliance programmes – Design and implementation of global compliance programmes, as well as review and audit of existing programmes
  • Ethical use of personal data –  AI and facial recognition technology
  • Strategies for third-country transfers – Binding Corporate Rules (BCRs) and EU Commission standard contract clauses
  • Personal data incidents – reports to data protection authorities and global investigations
  • Supervisory matters – contact with the Swedish Authority for Privacy Protection and appeals against decisions and sanctions
  • Social media and cookies – collection and use of personal data in social media and via cookies, e.g. within Ad Tech
  • M&A-related matters of data protection, privacy and information security