About Me

I'm a partner and head of our skilled and dedicated Privacy and Data Protection group in Denmark, advising on a wide range of data protection and e-privacy matters.

The need for data protection advice has expanded dramatically with the introduction of the EU Data Protection Regulation (GDPR). The GDPR is a very complex set of rules, not only to understand, but also to apply. That calls for a pragmatic approach yet still deeply rooted in a profound knowledge of the law. Our job is to understand our clients' business and to help our clients find the right solutions for them. Therefore, I am particularly satisfied that our client feedback often mentions our readiness to understand the clients' need, our sense of pragmatic solutions and our availability.

My passion for data protection law began, like many other matters in life, as a coincidence. In 2000, an international law firm asked me to write a chapter to a book on the implementation of the Data Protection Directive in Denmark. From that point on, I was hooked by the complexity of data protection rules and the challenges they pose to an ever changing world facing new technological development and possibilities.

Together with my team, I have vast experience in assisting our clients with all aspects of privacy and data protection, from full blown GDPR compliance projects, including awareness and client training, identification of lawful basis, complying with transparency requirements, establishing the appropriate level of procedures, policies and safety measures, to the daily challenges, including subject access requests, data breaches, negotiation of data processor agreements, cross border transfers of personal data, audits and authority enquiries, and taking part in clients business elaborations sitting in the midst of a service or product developing team with the task of ensuring privacy by design.

As GDPR applies to every kind of business and organisation, I have assisted and gained insight into a wide range of client sectors including retail, biotech and medical device, adtech, gaming, health sector, fintech, software and platform service providers, insurance and brokers, utility providers, industry associations, unions, public bodies and non-profitable organisations and more.

Being a part of Bird & Bird's international team of skilled privacy and data protection lawyers provides a unique tool enabling seamless coordination of cross border advice and projects and I have coordinated as well as contributed to multi-jurisdictional projects.

Since 2013, I have been a Certified Information Privacy Professional (CIPP/E).

Having a commercial law background, I also advise on commercial contracts, consumer law and marketing law.
  • Rolling out a global Danish retailers' data protection program in 25 EU and EEA countries: including data mapping and providing country specific gap analysis. Our Copenhagen Data protection team coordinated advice from Bird & Bird's international network of lawyers to include advice on local variations. As part of the project we held a number of internationally accessible webinars and local workshops in all countries. The project further involved the international roll out of localised GDPR implementation documentation.
  • Assisting a public authority agency in a GDPR compliance project: including identifying data processing activities and verifying the relevant lawful basis, identifying data processor relations and preparing gap-analysis including advice on the implementation step required to obtain full GDPR compliance. During the project, we also advised on several privacy related issues on the agency's marketing activities, the use of photos and video recordings, the processing of personal data on website and e-marketing.
  • Assisting a modern waste-management and energy company in a full GDPR compliance project. The project included assistance on map data processing activities in relation to consumers, users of services, and employees. Based on an extensive mapping of data flow and processing activities our Copenhagen data protection team prepared a gap analysis verifying lawful basis for processing and identified steps to be taken to become fully GDPR compliant. Furthermore, we assisted in the implementation process and have drafted required GDPR documentation. At the end of the project, the client decided to appoint Bird & Bird as their formal Data Protection Officer.


  • University of Copenhagen, LLM, Law
  • Vrije Universiteit Brussel, Master, LLM, International Law
  • Certified Information Privacy Professional (CIPP/E) in 2013


  • The Danish Bar & Law Society in 1993
Testimonials Carousel Megaphone


Michael Gorm Madsen was our prime partner. His knowledge and skills are outstanding and ensured progress and a result. Besides his professional abilities, his personal integrity and ability so see the world from the customer's perspective ensured the outcome.

Legal 500 EMEA, 2024

Michael Gorm Madsen is our primary contact. He is outstanding in the GDPR and privacy area, and always goes that extra mile for us.

Legal 500 EMEA, 2024

Latest insights

More Insights
Birds on a beach

The EU Whistleblowing Directive: the path to implementation

Dec 06 2021

Read More
Curiosity line teal background

Who is responsible when personal data is sent via un-encrypted connections?

Nov 19 2020

Read More
Car by beach

An Overview of the Implementation of the Whistleblowing Directive in the Nordics

Aug 19 2020

Read More

What's on TwoBirds TV?

More Videos