Data compliance is a strategic necessity for many companies. As regulations such as the AI Act, Data Act, GDPR, and NIS2 Directive have come into force, companies must take proactive steps to evaluate their role and responsibilities under these norms.

We help our clients to identify which regulations apply to them, understand their compliance obligations, and implement practical steps to meet them. This includes, for example, conducting risk assessments, classifying systems under the AI Act, revising commercial contracts for data access and use, and establishing procedures for incident response and authority notifications. We also advise on the processing of various types of data, such as location data, special categories of personal data, and international data transfers, as well as on issues related to the management of user rights and the data life cycle.

Our team of experts stays at the forefront of legal and regulatory developments. We combine legal insight with a deep understanding of emerging technologies to deliver business-oriented and practical advice.

Our key services include:

• Strategic advice on data, AI, and cybersecurity regulations
• Risk mapping, and compliance gap analysis
• Personal data processing impact assessments and legitimate interest assessments
• Personal data processing agreements and privacy policies, including those of joint controllers
• Agreements concerning use, access to, and sharing of IoT collected data
• Drafting of IoT and data processing service agreements in line with the requirements of the Data Act
• Development of internal policies, frameworks, and compliance tools
• Support with incident response procedures and authority notifications

Pekka Kiviniemi
+358 50 5911 088
pekka.kiviniemi@kalliolaw.fi

Lassi Kanerva
+358 50 5911 100
lassi.kanerva@kalliolaw.fi

Tiina Kekäläinen
+358 50 5965 969
tiina.kekalainen@kalliolaw.fi