Privacy and GDPR

In today’s digital economy, personal data is an important asset as data is increasingly collected, analysed and shared. Businesses must ensure that their activities and the way they handle personal data is in compliance with personal privacy legislation. EU’s Privacy Policy - the General Data Protection Regulation (GDPR) - will come into effect this year and will force companies to take action and start meeting legal demands.

We assist companies’ top management, security offers, IT managers, data protection officers, employees, in matters related to the processing of personal data.

Additionally, we provide assistance in connection with other privacy-related issues, such as a data subjects rights according to GDPR or an individual’s right to their own image under copyright law and the right to privacy under the European Convention on Human Rights (ECHR).

We offer guidance to businesses that collect, store, and otherwise process personal data, including its use for direct marketing or the development of new business methods, internet services, or apps.

Ræder Bing’s lawyers have extensive experience with cases handled by the Norwegian Data Protection Authority and in handling complaints for the Norwegian Privacy Appeals Board. Ræder Bing’s lawyers are also frequent speakers and presenters in the privacy field.

We may assist you with:


  • Advising on all types of privacy and GDPR-related issues for data controllers (the entity that determines the purpose and means of processing), data processors (the entity that processes personal data on behalf of the data controller), and data subjects (individuals whose personal data is being processed).
  • Drafting and customizing data processing agreements, agreements on joint controllership, end-user agreements, and other contracts containing privacy clauses.
  • Draft privacy policies for employees, websites, and other purposes.
  • Draft texts regarding consent as well as conduct assessments related to consent requirements under GDPR.
  • Providing compliance assistance in privacy matters, including developing and updating the GDPR internal control documentation package for businesses in the private or public sector, conducting annual self-assessments, or providing recommendations for improvements.
  • Conducting risk assessments as required by GDPR, including drafting and using checklist templates for documenting whether legitimate interests can be used as a legal basis, data protection impact assessments (DPIAs), or assessments of data processors that include requirements for data security, content requirements for data processing agreements, and additional requirements if the recipient is located outside the EU/EEA.
    Meet the team

Related articles

Want to stay up-to-date?

Yes please!

At Ræder Bing, we are passionate about our fields of expertise and keen to share what we know and learn. Subscribe to our newsletter and stay updated.