Experience and expertise within data protection & GDPR

Horten’s GDPR team has in-depth experience in the personal data rules and cybersecurity, including implementation of compliance projects. We have in-depth knowledge of the areas in which personal data law plays a decisive role such as employment, marketing, IT and public law.

We have advised on a significant number of cases considered by the Danish Data Protection Agency, and we have many years' experience drafting applications to the Danish Data Protection Agency, including notification and processing of security breaches. Our personal data law experts cooperate closely with other experts abroad and have built up wide experience in international compliance within personal data law.

Our clients

Our client portfolio is broad and includes Danish as well as international companies and public authorities. Our experience therefore includes advice to politically managed organisations and companies with commercial understanding of the problems in relation to processing of personal data.

Professional advice on data protection & GDPR

  • Implementation of compliance projects, including mapping of data and analysis of gaps
  • Preparation of GDPR documentation, including registers and internal procedures and policies (policy and procedure concerning deletion)
  • Preparation of privacy policies to comply with the duty of notification
  • Preparation of risk analyses and assessments for the purpose of impact assessments
  • Determination of technical and organisational security measures, including preparation of IT security policies
  • Advice on compliance with the rules on privacy by design and privacy by default
  • Assessment of the need for processor agreements, including preparation thereof and control of processors
  • Transfer of personal data to countries outside the EU/EEA based on e.g. EU standard contracts and binding corporate rules
  • Advice on the rights held by data subjects
  • Handling of security breaches, notification and reporting to and communication with the Danish Data Protection Agency and claims for damages, including cases before the courts
  • Other reports and complaints to the Danish Data Protection Agency, including warning registers
  • Advice on installation and use of TV surveillance
  • Establishment of whistleblower schemes and assistance on notifications
  • Due diligence in relation to personal data and transfer of data in connection with corporate acquisitions and bankruptcy
  • Implementation of mock supervisions and other audits
  • Training on the data protection rules
  • Current compliance and IT support thereof
  • Advice on the special rules on processing of personal data and the interface between these rules, including especially in relation to marketing, health, the financial legislation and telecommunication.
  • The personal data rules in Greenland
  • Advice on data protection officers

We also advice on cookie rules and the NIS Directive as well as the use of e.g. ISO 27001 for the purpose of compliance with the GDPR.

  • HR and employment law

    We assist companies, organisations and authorities as to how processing of HR data may be arranged in accordance with the GPDR. We have wide experience in relation to companies' compliance with the rules on the duty to inform employees and obtain consent to processing of personal data, and assessment of which data may be stored and transferred, including in connection with exchange of HR data between different affiliates of multi-national groups.

    Horten has also assisted with the drafting of guidelines in relation to storage and deletion of personal data for a number of companies and public authorities based on general as well as specific regulation of the individual areas.

    In addition, Horten has advised on a number of specific issues in connection with registration of the employees' use of the Internet and e-mails, recording of telephone conversations for training purposes, etc. and TV surveillance.

    Erik Wendelboe Christiansen

  • Whistleblower schemes

    Horten has assisted with the establishment of a large number of whistleblower schemes on behalf of Danish and foreign companies and authorities. Horten has also assisted with investigations concerning reports made under whistleblower schemes.

    In this connection, Horten has advised on many questions on personal data law relevant in relation to the establishment and use of whistleblower schemes, especially:

    • The content and scope of whistleblower schemes, including preparation of whistleblower policies
    • Assessment of the need for and assistance in relation to impact assessments
    • Observance of the duty to notify persons reported under a whistleblower scheme, especially in relation to reports and investigations.

    Søren Hornbæk Svendsen

  • Government requirements and special legislation

    In connection with collection, storage and transfer of personal data, a number of questions arise as to right and duty, e.g. due to special legislation, and it is often difficult to comply with the general rules on processing of personal data and special legislation at the same time.

    Horten has wide experience advising companies and public institutions within this interface between general personal data legislation and special legislation.

    There are also special rules on processing of personal data in certain areas which take precedence over the rules of the Personal Data Act, including, in particular, in the healthcare area and within the financial sector. Horten also has wide expertise and experience within these rules.

  • IT contracts, Cloud solutions, apps, AI and social media

    The rules on data protection are usually relevant when concluding IT contracts, establishing cloud solutions and apps and using AI, and also the use of social media raises a number of problems and challenges in terms of data protection law. We have wide experience in advising on these issues.

  • Consumers and marketing

    Marketing vis-à-vis consumers often requires consent and observance of the duty to inform. Companies' use of cookies also raises problems in relation to observance of the duty to inform and obtain consent.

    Another recurring issue is the use of customer data for the purpose of marketing for other companies.

    Horten advises private as well as industry organisations on how to carry out marketing and use cookies to achieve the purpose while observing the rules at the same time.

  • DPO services

    Horten provides DPO services adapted to the controller's specific needs. This service includes:

    • Information and advice to the controller and its employees on data protection
    • Observance of the controller’s compliance with the data protection rules
    • Advice in connection with the preparation of the controller's impact assessments
    • Cooperation with the Danish Data Protection Agency on behalf of the controller
    • The role as the Danish Data Protection Agency’s contact person in relation to all questions concerning processing of personal data on behalf of the persons subject to processing
    • Guidance of the data subject on behalf of the controller.


Anne Baandrup


Anne Louise Vinnes-Weibel

Senior Attorney

Emilie Loiborg

Director, Attorney

Maria Pilh Arendsdorf Bengtsen

Director, Attorney (L)

Ruth Caddock Hansen

Director, Attorney

Clara Øhrgaard

Assistant Attorney

Julie Sabroe Gemzøe

Assistant Attorney

The ability to quickly understand the challenge at hand and come up to speed is always valued.

Legal 500, 2024

The involvement and ability is exceptional and internally aligned. The teams coordinate well and make it very easy to seek advice.

Legal 500, 2024

The partner engagement and availability is exceptional. Furthermore, the quality and knowledge is extremely high and highly appreciated when seeking advice and legal help.

Legal 500, 2024