Protecting Your Personal Data

Protecting your personal data.

The new Swiss Data Protection Act (DPA) entered into force on the 1st of September 2023.

The aim of the revision was to align Switzerland’s data protection law with the legal requirements of the EU’s General Data Protection Regulation (GDPR). Further, “good practices” were to be promoted, the obligations of the persons responsible for data processing were to be increased, and the rights of the persons affected by data processing as well as the supervisory powers of the Federal Data Protection and Information Commissioner (FDPIC) were to be strengthened.

Data protection compliance

We support you in implementing the new requirements of the Swiss Data Protection Act, pragmatically and with reasonable solutions.

Focus areas

  • Data protection guidelines and declarations (DPA, GDPR)
  • Data mapping, development of the directory of processing activities
  • Data processing agreements
  • Transfer of personal data abroad
  • Requests from data subjects
  • Data security breach process
  • Privacy by Design and Privacy by Default principles
  • Data security concepts
  • Deletion concepts
    Data protection assessment

    We take stock of how personal data is handled in your company and provide you with concrete recommendations for action.

    Focus areas

    • Status quo survey (analysis of the current situation)
    • Inventory of processing activities
    • Processing of particularly sensitive personal data
    • Compliance with data protection principles
    • Duty to inform
    • Rights of the data subjects
    • Technical and organizational measures
    • Archiving and deletion processes
    • Need for adaptation (target state)

     

    • Action planning

    TO THE BLOG POST

    Data protection training

    We train your employees on the important topics, understandable, entertaining and with a lot of practical relevance.

    Focus areas

    • New terms
    • Principles of data processing
    • Importance of limiting access to personal data
    • List of processing activities
    • Data Breach Process
    • Processes of the rights of the data subjects
    • Archiving, deletion

    Methodology:

    We train at your site or at our premises. Digital training is also possible using the usual communication tools for one hour, half a day or several days, depending on your needs.

    Data protection for employees

    We support you in ensuring that your company complies with data protection regulations with regard to your employees as well.

    Focus areas

    • Application process
    • Personnel dossiers
    • Register of processing
    • Electronic work and communication tools for employees
    • Regulation of supervision at the workplace and IT usage
    • Instructions and usage regulations for employees
    • Regulation regarding the disclosure and use of employee data
    • Support in safeguarding the rights of employees
    • Return and destruction of employee data and personnel files
      Data protection impact assessment

      We support you in examining the need for and conducting a data protection impact assessment.

      Focus areas

      • Description of the planned processing
      • Threshold analysis
      • Checking the processing for data protection compliance
      • Risk analysis and assessment
      • Implementation of technical and organizational measures
        Data protection deletion concept

        We support you in developing the basis for implementing the data protection requirements regarding the deletion of personal data, pragmatically and in a target-oriented manner.

        Focus areas

        • Determining the reasons for deletion
        • Deletion and retention periods
        • Determining the deletion rules
        • Redefinition of the deletion process
        • Determining the deletion methods
          Data protection directory

          We support you in the development of a directory of processing activities.

          Both the data controller and the processor are obliged to keep a register of processing activities. For companies that employ fewer than 250 people and whose data processing involves only a low risk, the Federal Council is authorized under future Swiss data protection law to provide for exceptions. Since the fulfilment of many data protection obligations is hardly feasible without an overview of the data processing in the company, a corresponding directory is likely to be an obvious choice for practically every organization.

           

          Edith Luginbühl

          Assistant

          Edith Luginbühl is a dedicated and experienced assistant with over 50 years of professional experience. Her professional career began with a commercial apprenticeship at a major bank and has taken her through various sectors, including the catering, hotel, car rental, travel agency and newspaper editorial offices. Her strengths include her friendly and professional manner, her reliability and her keen eye for detail.

          Alexander Wild began his law studies at the University of Zurich in 2019. Before and during his studies, he gained initial experience in the compliance department of a bank, worked as an IT supporter and in the legal department of an international pharmaceutical company. His activities included checking/compliance with bank instructions, sanctions, customer and country risk; assessment of general customer risk for the bank; wet ink support and support in the process optimisation of contract signings. Since 2022 he has been working as a paralegal at Balthasar Legal AG and LR | Rechtsanwälte. He is expected to complete his Master's degree in 2025.

          Sangmo Agontsang

          Paralegal

          Sangmo Agontsang completed her diploma in business administration at the Kaderschule Zürich in 2012. After graduating, she worked as a CEO assistant for Freitag lab ag and CBM Switzerland, among others. She also gained experience in the organisation of the Kaderschule Zürich and worked in the Intellectual Property department of Freitag lab ag. There she worked internationally with a team of lawyers to defend the company's rights. Since 2022 she has been working as a paralegal at Balthasar Legal AG.

           

          Markus Bruggmann

          MLaw Senior Adviser

          MLaw Markus Bruggmann completed his law degree at the University of Zurich in 2013 and has since worked for a bank, a commercial law firm and an insurance company, among others, where he specialised in advising, reviewing and drafting contracts in the areas of communications and technology law (data protection), taking into account liability and intellectual property law. His strengths include his analytical skills and broad experience.