Data Protection, Data Security & Governance

We combine data protection, information security and AI governance into practical, effective structures – clear, embedded, and demonstrably compliant.

Assessments & Redyness-Checks

We evaluate your data protection and security maturity level and identify concrete next steps – pragmatic, prioritised and documented.

Primary Focus:

• Status-quo and target analysis
• Data Protection Impact Assessments (DPIA)
• Transfer Impact Assessments (TIA)
• Deletion and retention concepts
• Recommendations & roadmap

Data Protection Compliance

We assess how personal data is handled in your organisation and help you implement legal requirements efficiently and risk-based.
You receive concrete recommendations to structure and document your compliance.

Primary focus:

• Current-state analysis
• Record of processing activities
• Handling of sensitive data
• Data protection principles
• Information duties & data subject rights
• Technical and organisational measures
• Archiving and deletion processes
• Action plan & roadmap

Information Security & ISMS

We review your technical and organisational measures and support you in establishing or improving an Information Security Management System (ISMS) aligned with ISO 27001.

Primary Focus:

• Technical and organisational measures
• Risk and threat analyses
• Awareness and staff training
• Incident management processes
• IT–Legal interface: clear responsibilities

AI Governance

We help you manage the use of generative AI in a lawful and transparent way – through governance structures, internal policies and contract clauses that ensure trust and accountability.

Primary Focus:

    • AI policies & usage models and Risk analyse
    • Use-case validation & training prohibitions
    • Human-in-the-loop mechanisms
    • Contractual safeguards & audit rights
    • Employee training & awareness

    Data Protection for Employees

    We support you in ensuring that your company also complies with data protection regulations with regard to your employees.

    Primary Focus:

    • Application process
    • Personnel dossier
    • Record of Processing Activities
    • Digital work and communication tools for employees
    • Regulation of workplace monitoring and IT use
    • Directives and usage regulations for employees
    • Regulation regarding the disclosure and use of employee data
    • Support in safeguarding the rights of employees
    • Return and destruction of employee data and personnel files
    Non-binding inquiry

    Current

    No Results Found

    The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.

    Learn more
    Bruno Schnarwiler

    Konsulent Informationssicherheit

    Bruno Schnarwiler ist ein Experte in Wirtschaftsinformatik mit über 30 Jahren Erfahrung als Auditor, Projektmanager, Berater und Führungskraft. Mit Abschlüssen als Eidg. Dipl. Wirtschaftsinformatiker, CISA und ISO 27001 Lead Auditor verfügt er über Fachkenntnisse in Informationssicherheit, Krisen- und Risikomanagement sowie digitalen Archivierungslösungen. Er hatte Schlüsselrollen wie Leiter IT-Revision und Risikomanagement in einer Bank, Leiter Softwareentwicklung und Berater für Sicherheit. Diese Tätigkeiten gaben ihm umfassende Einblicke in Branchen und Prozesse. Er trägt zur Implementierung sicherer IT-Umgebungen, Optimierung interner Kontrollsysteme und Entwicklung nachhaltiger Lösungen bei, die moderne Anforderungen erfüllen.
    Edith Luginbühl

    Assistant

    Edith Luginbühl is a dedicated and experienced assistant with over 50 years of professional experience. Her professional career began with a commercial apprenticeship at a major bank and has taken her through various sectors, including the catering, hotel, car rental, travel agency and newspaper editorial offices. Her strengths include her friendly and professional manner, her reliability and her keen eye for detail.

    Alex Wild

    Student

    Alexander Wild began his law studies at the University of Zurich in 2019. Before and during his studies, he gained initial experience in the compliance department of a bank, worked as an IT supporter and in the legal department of an international pharmaceutical company. His activities included checking/compliance with bank instructions, sanctions, customer and country risk; assessment of general customer risk for the bank; wet ink support and support in the process optimisation of contract signings. Since 2022 he has been working as a paralegal at Balthasar Legal AG and LR | Rechtsanwälte. He is expected to complete his Master's degree in 2025.

    Sangmo Agontsang

    Paralegal

    Sangmo Agontsang completed her diploma in business administration at the Kaderschule Zürich in 2012. After graduating, she worked as a CEO assistant for Freitag lab ag and CBM Switzerland, among others. She also gained experience in the organisation of the Kaderschule Zürich and worked in the Intellectual Property department of Freitag lab ag. There she worked internationally with a team of lawyers to defend the company's rights. Since 2022 she has been working as a paralegal at Balthasar Legal AG.

     

    Markus Bruggmann

    MLaw Senior Adviser

    MLaw Markus Bruggmann completed his law degree at the University of Zurich in 2013 and has since worked for a bank, a commercial law firm and an insurance company, among others, where he specialised in advising, reviewing and drafting contracts in the areas of communications and technology law (data protection), taking into account liability and intellectual property law. His strengths include his analytical skills and broad experience.