Protecting Your Personal Data

Protecting your personal data.

The new Swiss Data Protection Act (DPA) is just around the corner.

The aim of the revision was to align Switzerland’s data protection law with the legal requirements of the EU’s General Data Protection Regulation (GDPR). Further, “good practices” were to be promoted, the obligations of the persons responsible for data processing were to be increased, and the rights of the persons affected by data processing as well as the supervisory powers of the Federal Data Protection and Information Commissioner (FDPIC) were to be strengthened.

Data protection compliance

We support you in implementing the new requirements of the Swiss Data Protection Act, pragmatically and with reasonable solutions.

Focus areas:

  • Data protection guidelines and declarations (DPA, GDPR)
  • Data mapping, development of the directory of processing activities
  • Data processing agreements
  • Transfer of personal data abroad
  • Requests from data subjects
  • Data security breach process
  • Privacy by Design and Privacy by Default principles
  • Data security concepts
  • Deletion concepts
    Data protection assessment

    We take stock of how personal data is handled in your company and provide you with concrete recommendations for action.

    Focus areas:

    • Status quo survey (analysis of the current situation)
    • Inventory of processing activities
    • Processing of particularly sensitive personal data
    • Compliance with data protection principles
    • Duty to inform
    • Rights of the data subjects
    • Technical and organizational measures
    • Archiving and deletion processes
    • Need for adaptation (target state)


    • Action planning


    Data protection training

    We train your employees on the important topics, understandable, entertaining and with a lot of practical relevance.

    Focus areas:

    • New terms
    • Principles of data processing
    • Importance of limiting access to personal data
    • List of processing activities
    • Data Breach Process
    • Processes of the rights of the data subjects
    • Archiving, deletion


    We train at your site or at our premises. Digital training is also possible using the usual communication tools for one hour, half a day or several days, depending on your needs.

    Data protection for employees

    We support you in ensuring that your company complies with data protection regulations with regard to your employees as well.

    Focus areas:

    • Application process
    • Personnel dossiers
    • Register of processing
    • Electronic work and communication tools for employees
    • Regulation of supervision at the workplace and IT usage
    • Instructions and usage regulations for employees
    • Regulation regarding the disclosure and use of employee data
    • Support in safeguarding the rights of employees
    • Return and destruction of employee data and personnel files
      Data protection impact assessment

      We support you in examining the need for and conducting a data protection impact assessment.

      Focus areas:

      • Description of the planned processing
      • Threshold analysis
      • Checking the processing for data protection compliance
      • Risk analysis and assessment
      • Implementation of technical and organizational measures
        Data protection deletion concept

        We support you in developing the basis for implementing the data protection requirements regarding the deletion of personal data, pragmatically and in a target-oriented manner.

        Focus areas:

        • Determining the reasons for deletion
        • Deletion and retention periods
        • Determining the deletion rules
        • Redefinition of the deletion process
        • Determining the deletion methods
          Data protection directory

          We support you in the development of a directory of processing activities.

          Both the data controller and the processor are obliged to keep a register of processing activities. For companies that employ fewer than 250 people and whose data processing involves only a low risk, the Federal Council is authorized under future Swiss data protection law to provide for exceptions. Since the fulfilment of many data protection obligations is hardly feasible without an overview of the data processing in the company, a corresponding directory is likely to be an obvious choice for practically every organization.