ThommessenFlow Find people

Data Protection and Cyber Security

Thommessen’s market-leading team assists Norwegian and international clients in solving complex problems and challenges relating to the use, protection and commercialisation of personal data and other business-critical data, as well as when cyber security threats are looming.

We are undergoing a digital revolution in which data play a key role. A world in which cloud services and complex analysis and AI tools are available 24/7 for most businesses offers a tremendous potential for extracting value from data which would previously only have clogged up archive space. However, the risk of data being unlawfully used, accessed or disclosed increases in tandem with the scope for utilisation, whilst violation of complex data protection rules and cyber security deficiencies may have serious repercussions – both financially and reputationally.

Given the current landscape of global security concerns, it's more crucial than ever for businesses to proactively evaluate their vulnerability to cyber threats, including espionage and sabotage. As mandated by Norway's Security Act, companies subject to the law are given extra responsibility. An increasing number of businesses are subject to the law. Core to this legal framework is the obligation for companies to maintain robust information security protocols and implement secure systems. We can assist through all phases of the implementation process, as well as in questions related to the various requirements of the law. Comprising experts from various disciplines, our team not only possesses comprehensive knowledge in this area but also has hands-on experience dealing with the Security Act and coordinating with relevant governmental bodies.

Thommessen has over a number of years developed one of Norway’s leading legal teams specialising on data protection and cyber security. We assist clients in all industries, from the main global technology and media giants to Norwegian shipping companies, banks and insurance companies, health enterprises and start-ups. We are committed to always providing legal and strategic advice in a hands-on, effective and clear manner.

Our experts primarily focus on the following four general categories:

  • Regulatory: We assist businesses on the preparation of internal GDPR procedures and guidelines, privacy policies, data processing agreements, etc. We are involved in everything from large-scale global GDPR compliance projects and BCR preparation/implementation to conducting DPIAs and communicating with the Norwegian Data Protection Authority.
  • Transaction: There is an increasing focus on data protection and security in M&A projects. Our team works closely with our transaction lawyers on complex cross-border transactions.
  • Commercial/strategic: The room for manoeuvre under the GDPR, etc., will often be of importance in the interface with customers and when new products are developed and rolled out. We assist technology companies, e-commerce players, providers of financial services and others in connection with product development and technology development on an ongoing basis.
  • Cybersecurity, crisis management and contentious matters: Cyberattacks and security breaches pose a growing challenge to businesses worldwide. Our team provides both legal and strategic assistance when unwanted events occur. We ensure, in cooperation with the client and security experts, that legal requirements are complied with and that risk is reduced to the extent possible.
The team is practical, hands-on and experienced. Client
Legal 500, 2024


  • 2024 1st Place Data Protection and Integrity Prospera
  • 2024 1st Place TMT Prospera
  • 2024 Band 1 TMT Chambers & Partners
  • 2024 Tier 1 TMT Legal 500


Cyber security with Thommessen CyberHub

Businesses in all sectors are increasingly being targeted by cyber criminals. Together with experts from the international cyber security and cyber assurance community, we have created Thommessen CyberHub – a professional forum where we have invited renowned cyber experts to participate. Together with our partners, we aim to help our clients understanding the legal implications of cyber threats and to better prepare for and respond to cyber incidents.

Read more
GETTYIMAGES 1254825733 1 crop

The team