Data Protection

Data Protection

Every organisation should understand how data protection legislation affects its operations and how personal data can be leveraged in business.

We assist our clients extensively in all matters relating to data protection legislation and contractual matters as well as in cross-border data transfers and conduct data audits of current processes. . Our clients benefit from our advice on how to account for data security risks and liabilities in contracts, business transfers, outsourcing, system integrations and subcontractor management.

If your company suffers an incident, we can help you make the legally required notifications to the authorities without delay and plan a strategy to minimise potential consequences and harm.

We offer tailored training, among other things, on what data protection officers, data controllers and processors should know about personal data processing and data breaches as well as what lawyers should know about the GDPR and data protection impact assessments.

Our clients appreciate our technical expertise and business-oriented approach. We have advised government operators as well as private companies.

Our services include

  • Data protection inspections, reports and impact assessments
  • Contractual matters concerning personal data
  • Managing data security risks
  • Handling security incidents
  • Reports to the Office of the Data Protection Ombudsman
  • Assessing the applicability of special legislation in different fields and determining necessary changes
  • Extensive reviews on legislative issues
  • Supervision of interests and strategic advice in legislative projects
  • Providing training and facilitating workshops on data protection

Latest references

Castrén & Snellman acts on behalf of Google in Finnish court cases concerning data protection and privacy matters, including the so-called ‘right to be forgotten’ as established by the European Court of Justice in 2014. We have also acted for Google in several cases concerning issues under the Freedom of Speech Act, and for example in a court case concerning Google’s AdSense program .
Case published 14.7.2016
We advised Huhtamaki Oyj in relation to a EUR 450 million sustainability-linked syndicated multi-currency revolving credit facility loan agreement (“RCF”) with a maturity of five years. The RCF refinances an existing EUR 400 million sustainability-linked syndicated revolving credit facility signed in January 2021 and will be used for general corporate purposes of the Group. The RCF has two one-year extension options at the discretion of the lenders. The Mandated Lead Arrangers and Bookrunners of the RCF are Citi, Nordea Bank Abp, Skandinaviska Enskilda Banken AB (publ), BNP Paribas, Commerzbank Aktiengesellschaft, Danske Bank A/S, DBS Bank Ltd., London Branch, J.P. Morgan SE, Landesbank Hessen-Thüringen Girozentrale, OP Corporate Bank plc, Raiffeisen Bank International AG and Standard Chartered Bank AG.
Case published 28.11.2024
We represented a mutual real estate company belonging to a large Finnish group in arbitration proceedings against a construction company. The arbitral tribunal rejected the construction company’s claims in their entirety and ordered the construction company to reimburse our client for the costs of the arbitration proceedings in full. The dispute concerned the contract price under the construction contract, which was agreed to be determined on the basis of our client’s yield requirement and the rent under the lease agreement for the building in question. The parties disagreed on the indexation clause applicable to the rent adjustment and its impact on the contract price.
Case published 22.11.2024
We are acting as legal advisor to VR-Group Plc in their strategic decision to sell their road logistics business to the investment company Mutares. This transaction supports VR’s focus on rail transport in freight traffic. The road logistics business, which generated a revenue of approximately EUR 80 million in 2023, will be transferred to a newly established company under Mutares. The business unit employs around 75 people who will transition to the new company. The completion of the transaction is subject to approval by the Finnish Competition and Consumer Authority.
Case published 18.11.2024