Petter Enholm specializes in technology and ICT contracts, digital security, and data protection. With practical experience from the IT industry, Petter has in-depth understanding of the challenges many businesses face at the intersection of law and technology. Petter assists with negotiation, drafting, and quality assurance of contracts for ICT deliveries, including development agreements, service agreements, cloud services, integration solutions, and license agreements. Petter has extensive experience supporting both suppliers and customers in large and complex ICT projects, in both Norwegian and English.
ICT Contracts
Petter negotiates, drafts, and quality-assures agreements related to development projects, operations, and cloud services (SaaS/PaaS/IaaS), integrations, and licensing. The work covers the entire contract lifecycle: requirements specification, IP regulation, change mechanisms, milestones, acceptance criteria, SLA/KPI, and sanctions. Petter handles subcontractors, security appendices, and exit plans, including data portability and termination of cloud services. Petter has solid experience with SSA and IKT-Norge standard agreements, as well as tailoring relevant contracts where the standards are not sufficient. Petter assists suppliers and customers in large and time-sensitive agreements and represents clients in court in connection with disputes, including breach of contract, delays, and deficiencies.
Data Protection (GDPR)
Petter assists with clarifications related to legal basis and roles (controller, processor, joint controllership) and helps establish necessary routines and instructions (internal control documentation) to ensure and document compliance. Deliveries include DPIA with risk assessment and action plan, risk assessments for new and changed processing activities, internal control and governing documents, as well as assessments of transfer or disclosure of personal data and necessary contractual bases. Petter drafts operational data processing agreements, assesses legal bases for data transfers, prepares management notes anchoring choices and measures, and develops practical routines and processes for handling requests for access, rights, and obligations under the regulations, including incident management and notification to the Data Protection Authority. Petter assists clients in connection with complaints to the Data Protection Authority.
Digital Security and NIS2
Petter advises companies that need to document governance, resilience, and incident management. The work usually includes assessment of regulatory requirements, such as which obligations a company is subject to under the regulations, and gap analysis with the aim of developing a management system with roles and responsibilities for safeguarding digital security. Petter assists clients in drafting contractual requirements for digital security in the supply chain and establishes incident and notification procedures. The goal is to contribute to risk reduction and unified documentation that meets the requirements of customers, owners, and authorities.
Artificial Intelligence
Petter provides governance and compliance advice for the development and use of artificial intelligence in existing products and services. The focus is on purpose and data sources, data minimization, access control, logging, human oversight, and lines of responsibility.
