Privacy and Information Security

Digitalisation is associated with privacy problems and also changes the threat landscape and risk situation regarding undesirable incidents, but also represents a significant interval of opportunity for improving efficiency, automation and value creation. Clear and practical advice from us helps to ensure that the opportunities created by new technology can be taken advantage of.

At Brækhus, we are aware that handling personal data, trade secrets and other data represents a risk factor for businesses. A key factor is the general legal risk presented by incorrectly handling personal data or having inadequate information security, which can lead to breaches of statutory requirements. Of equal importance is commercial risk, i.e. the danger that companies can risk losing reputation, prestige and turnover. For forward-thinking and smart businesses, this presents an interval of opportunity and competitive advantage, and we very much enjoy helping them to make the most of these.

We provide businesses and authorities with advice on how to navigate the regulations and industry-specific requirements regarding information security and the processing of personal data and other data. Our technology lawyers have interdisciplinary expertise and are ready to assist our clients in technology matters relating to company law, intellectual property rights, taxes and VAT, etc.

Examples of what we do

  • Electronic marketing and cookies
  • Establishment of basis for transfer of personal data to third countries (BCR, EU’s standard contracts and Transfer Impact Assessments)
  • Crawling and scraping of personal data
  • Special challenges involved in the use of cloud services
  • Data protection declarations and data processing agreements
  • Talks, workshops and project assistance
  • Privacy in the workplace (e.g. access to emails, use of video surveillance or other control measures)
  • Data protection officer as a service
  • Establishment of internal controls, guidelines and procedures for handling requests from registered entities (e.g. for access, rectification and deletion)
  • Compliance, investigation and risk management
  • Data Protection Impact Assessments (DPIA) and risk assessments
  • Handling breaches of security
  • Regulatory requirements regarding information security
  • Security testing (pen testing)
  • Transactions, due diligence and transfer of ownership
  • Contact with the authorities and dispute resolution (Norwegian Data Protection Authority, Norwegian Privacy Appeals Board and the courts)