Data Protection and Cybersecurity

Cybercrime is a major threat to critical infrastructure, businesses and individuals. Governments in the EU and Norway are responding with increasingly strict regulations. Companies specialising in cybersecurity are countering the threat by developing complex technological solutions to provide stronger protection for their clients. As a result, cybersecurity and data protection have become areas where complex legal issues intersect with equally complex technology – and where mistakes can have serious consequences for both operations and reputation.

At Arntzen Grette, we help businesses understand, implement and document compliance in a regulatory landscape that is continually expanding and becoming more demanding. We have particular experience with regulations such as the General Data Protection Regulation (GDPR), NIS2 and DORA, and we combine legal expertise with technological and commercial insight. We also advise on cybersecurity and information security as part of corporate governance, risk management and regulatory expectations.

We work closely with data protection officers, management teams and technology functions on matters involving international data transfers, compliance frameworks, information security and regulatory processes. In particular, we support businesses at the intersection of technology, data protection and business-critical processes – whether relating to digital platforms, acquisitions, group structures or regulatory interventions.

Selected references include:

• Bufdir (Norwegian Directorate for Children, Youth and Family Affairs) and Bufetat (Norwegian Child Welfare Services) – advised on a complex two-year data protection project concerning the processing of sensitive personal data relating to vulnerable groups