EU privacy, data and AI legal services

with strong expertise and a business-oriented mindset

Privilo Logo

Our mission is to understand your business and provide solutions tailored to your needs from start to finish. Strong expertise, practicality, and delivering added value to our clients are at the core of our services. We seamlessly integrate into your organization to provide high quality, pragmatic and efficient solutions and advice.

”We provide our extensive in-house experience to support your business success while balancing compliance risks.”
– Titta Penttilä, lawyer and founder of Privilo

Services

Privacy / data protection services

We help your organization to manage privacy risks, lead privacy work efficiently, and improve privacy compliance in a risk-based manner.  We assist you with all privacy, data protection, and GDPR compliance matters, from defining the strategy to handling operative daily tasks.

  • Legal advice and consultancy
    • EU GDPR, ePrivacy (e.g. cookies) and Digital Services Act (DSA) 
    • Finnish data protection laws including also privacy in working life
  • Privacy leadership, oversight and program management
    • Privacy strategy, goals and risk-based plan
    • Privacy risk assessment and management
    • Privacy governance model incl. roles and responsibilities and management model/system
    • Building privacy organization and team
    • Policies, processes, guidelines, templates, and other steering documents
    • Privacy audits and reviews with actionable development plan
    • Monitoring compliance and reporting (e.g., KPIs and other privacy metrics)
  • Data Protection Officer and EU Representative services
    • Data Protection Officer (DPO) as a service
    • Assisting your own DPO or privacy lead on daily work or specific projects
    • EU representative to organizations established outside of the EU
    • Assisting in engagement and cooperation with regulators
  • Supply chain privacy compliance
    • Privacy due diligence -process and audits
    • Data processing agreements (DPA)
    • Lawfulness of international data transfers and transfer mechanisms
  • Operative privacy work
    • Privacy reviews of products, services, and processing operations and assisting in ensuring compliance with the EU legal requirements (“privacy by design”)
    • Privacy compliance of direct marketing and cookies
    • Responding to requests from data subjects, authorities and media
    • Handling suspected/actual data breach incidents
    • Data protection impact assessments (DPIAs)
    • Privacy notices and statements
    • Records of processing and data mapping
    • Continuous support in daily privacy work (e.g. privacy help desk)
  • Training, awareness, presentations and drills
    • Development of overall awareness programs
    • Privacy training to different target groups
    • Planning and conducting data breach drills
    • Presentations in conferences and seminars
  • Certifications and projects
    • Planning and preparation for  (e.g. ISO 27701, ISO 27001, EuroPriSe)
    • Participating as subject matter experts in projects and programs

Data Act services

We help your organization to prepare for the EU’s new Data Act that introduces harmonized rules on fair access to and use of data.

  • Interpreting the new legal requirements in your business environment
    • Does the Data Act apply to your business?
    • What new requirements does the Data Act impose?
    • What are the impacts of the Data Act on your business operations?
    • What role(s) do(es) your organization have under the Data Act?
  • Consultancy services related to Data Act implementation project
  • Training and guidance

AI Act services

Organizations are increasingly capitalizing on the benefits of artificial intelligence (AI); however, regulations and risks associated with AI are also on the rise. The EU Artificial Intelligence Act (AI Act),  the world’s first comprehensive AI law, approved in March 2024, will establish risk-based requirements for the operation of AI technologies within each risk category.

We assist our clients in harnessing the advantages of AI in their operations while addressing and mitigating legal and ethical risks. Our comprehensive services range from defining AI  governance model to offering legal advice and training.

  • Legal advice and consultancy
  • Leadership, governance and oversight
    • Planning and execution of AI Act compliance program and related consultancy services
    • Assessment of current state, risks, gaps and capabilities (e.g. How AI technologies are used currently and in the future in compliance with organisation’s strategy and legal requirements)
    • Development and implementation of AI strategy, objectives, as well as deployment
    • Defining  AI governance model incl. roles and responsibilities 
    • Development of AI governance framework; principles, policies, guidelines and templates 
  • Training, awareness activities and presentations
  • Ethical questions related to the use of AI technologies  

Other services

Interim management or expert services

Do you need a temporary Data Protection Officer (DPO), Privacy Leader, Privacy Lawyer or AI / Data Legal Expert for your team? We assist you with resource scalability and provide solutions for recruiting experts and fulfilling temporary personnel needs.

We also provide Data Protection Officer (DPO) as a service and EU Data Protection Representative services.

Key note speaker, presentation and training services

Are you seeking an inspiring, dynamic, and insightful speaker, trainer, moderator, or facilitator for your event?

Titta Penttilä is an experienced presenter and widely recognized as an engaging speaker. She is dedicated to sharing her expertise and insights, covering legal matters, leadership, and navigating the complexities of the international business environment.

Expertise in Nordic and Chinese business culture 

We support you to conduct successful business in an international environment, especially offering expertise in Nordic and Chinese business culture. We help you to avoid the challenges created by different business cultures and etiquettes when collaborating with your partners, customers and other stakeholders.

About us

Liiketoimintalähtöisyys

Business-orientation

We want to understand and support your business – whether you are a small business, a public sector actor, or an international corporation. We offer high-quality services that are pragmatic, based on your objectives, and genuinely add value to your business or other operations.

Kokemus & osaaminen

Experience & Expertise

We combine strong legal expertise with extensive and broad-ranging practical experience in providing hands-on support to business operations, working in an international environment, and people leadership.

Avoimuus

Transparency

We are open and honest, we tell what we can do, and we keep our promises.

Ilo

Joy

Joy and a positive attitude are at the heart of everything we do!

Experts

Titta Penttilä

Titta Penttilä, LL.M., CIPP/E, founder of Privilo

Titta is a highly experienced privacy lawyer and leader, with over 20 years of extensive in-house experience in privacy/data protection, law, and information/cyber security in international context. She has a strong track record in establishing and leading successful privacy programs and organizations, as well as supporting fast-paced and data-heavy businesses by providing pragmatic, risk-based advice and priorities.

Before pursuing her dream and founding Privilo Oy, she worked as Chief Privacy Officer at Huawei Consumer Mobile Services EU, where she established and led the privacy program and team.  Earlier, she enjoyed a successful career at Telia Company (a leading Nordic telco), where she held various positions, including her most recent role as Telia Group’s first Group Privacy Officer. At Telia, she also held roles related to information/cyber security and worked as an in-house lawyer.

She approaches every challenge with a focus on driving business success and balancing risks, delivering practical and business-minded solutions. She is a results-driven professional who combines strong legal competence, people leadership skills, doer attitude, and a collaborative mindset to excel in dynamic, fast-paced environments.

Titta brings her clients extensive expertise in law, management and leadership, as well as in IT, communication/telecom, mobile applications and digital services.

Titta holds a Master of Laws degree from the University of Helsinki and an IAPP CIPP/E certification.

Contact:  email: titta.penttila@privilo.fi,  tel. + 358 40 7543993

LinkedIn

Our Story

Privilo Oy, a law firm established in Helsinki (Finland), offers legal and advisory services specializing in privacy and data protection, as well as data and AI. We assist clients of all sizes and types in complying with European legal requirements.

Privilo was founded on Titta Penttilä’s vision and dream of providing services she herself sought while leading privacy compliance work in international companies. Our services are based on customer needs, offering practical solutions that genuinely add value. Additionally, we offer agility to swiftly integrate skilled support into your team when there is a need to outsource work to us, manage temporary workload peaks, or find an interim replacement. We provide our extensive in-house experience to support your business success while balancing compliance risks.

In addition to legal advisory services, we are focused in developing privacy leadership and management, believing that organizations still have room to improve in this field to foster accountability and increase cost-efficiency. Data and AI regulations are becoming increasingly important compliance topics alongside data protection in the EU. Therefore, it is only natural that, in addition to privacy services, we also offer expertise in Data and AI Acts.

We at Privilo Oy are committed to assist you in a practical, business-focused, and approachable manner, delivering tangible benefits such as risk mitigation and improved efficiency in privacy management. We strive to seamlessly integrate with your processes, ways of working and corporate culture, functioning as an extension of your team.  On top of everything, we add a sprinkle of joy to everything we do.

How can we help your organization to succeed?