Protecting Your Personal Data
The new Swiss Data Protection Act (DPA) entered into force on the 1st of September 2023.
The aim of the revision was to align Switzerland’s data protection law with the legal requirements of the EU’s General Data Protection Regulation (GDPR). Further, “good practices” were to be promoted, the obligations of the persons responsible for data processing were to be increased, and the rights of the persons affected by data processing as well as the supervisory powers of the Federal Data Protection and Information Commissioner (FDPIC) were to be strengthened.
Data protection compliance
We support you in implementing the new requirements of the Swiss Data Protection Act, pragmatically and with reasonable solutions.
Focus areas
- Data protection guidelines and declarations (DPA, GDPR)
- Data mapping, development of the directory of processing activities
- Data processing agreements
- Transfer of personal data abroad
- Requests from data subjects
- Data security breach process
- Privacy by Design and Privacy by Default principles
- Data security concepts
- Deletion concepts
Data protection assessment
We take stock of how personal data is handled in your company and provide you with concrete recommendations for action.
Focus areas
- Status quo survey (analysis of the current situation)
- Inventory of processing activities
- Processing of particularly sensitive personal data
- Compliance with data protection principles
- Duty to inform
- Rights of the data subjects
- Technical and organizational measures
- Archiving and deletion processes
- Need for adaptation (target state)
- Action planning
Data protection training
We train your employees on the important topics in an understandable and entertaining way, with a lot of practical relevance.
Focus areas
- New terms
- Principles of data processing
- Importance of limiting access to personal data
- List of processing activities
- Data breach process
- Processes for the rights of the data subjects
- Archiving, deletion
Methodology:
We train at your site or at our premises. Digital training using the usual communication tools is also possible, for one hour, half a day or several days, depending on your needs.
Data protection for employees
We support you in ensuring that your company complies with data protection regulations with regard to your employees as well.
Focus areas
- Application process
- Personnel dossiers
- Register of processing
- Electronic work and communication tools for employees
- Regulation of supervision at the workplace and IT usage
- Instructions and usage regulations for employees
- Regulation regarding the disclosure and use of employee data
- Support in safeguarding the rights of employees
- Return and destruction of employee data and personnel files
Data protection impact assessment
We support you in examining the need for and conducting a data protection impact assessment.
Focus areas
- Description of the planned processing
- Threshold analysis
- Checking the processing for data protection compliance
- Risk analysis and assessment
- Implementation of technical and organizational measures
Data protection deletion concept
We support you in developing the basis for implementing the data protection requirements regarding the deletion of personal data, pragmatically and in a target-oriented manner.
Focus areas
- Determining the reasons for deletion
- Deletion and retention periods
- Determining the deletion rules
- Redefinition of the deletion process
- Determining the deletion methods
Data protection directory
We support you in the development of a directory of processing activities.
Both the data controller and the processor are obliged to keep a register of processing activities. For companies that employ fewer than 250 people and whose data processing involves only a low risk, the Federal Council is authorized under future Swiss data protection law to provide for exceptions. Since the fulfilment of many data protection obligations is hardly feasible without an overview of the data processing in the company, a corresponding directory is likely to be an obvious choice for practically every organization.