Data protection is omnipresent and accompanies us in our everyday professional and private lives. We advise you on all data protection issues relating to national (new FADP, new Information Security Act, cantonal data protection laws, etc.) and international (GDPR) data protection legislation and answer your data protection questions. We also advise you on the operation of a Privacy Information Management System (PIMS) in accordance with ISO 27701 as a useful addition to your ISMS.
Our competence centre for data protection comprises several lawyers and legal experts. This experience enables practice-oriented solutions and implementation proposals in the areas of data protection and IT law for the benefit of our clients and the affected parties.
No data protection without technical and organisational measures (TOM)! To ensure that technology and organisation mesh perfectly, our data protection specialists work closely with the IT security, information security, physical security, etc. teams. The result of this cooperation: tailor-made and effective data protection solutions.
Data protection compliance in accordance with Swiss data protection legislation
Data protection must comply with the previous as well as the new Swiss legal provisions (Swiss Data Protection Act, OFADP, cantonal data protection laws). We support you in identifying the relevant requirements and implementing them in a compliant manner: legally, technically and organisationally.
- Information on significant changes in new data protection laws
- Clarification of need for action
- Legal, technical and organisational support
- Promoting/ensuring data protection compliance
- Audits
- Best practice answers on the topic of new data protection laws
Data protection compliance according to the European General Data Protection Regulation (GDPR)
Thanks to our best practice approach, data protection compliance under GDPR is easier to achieve.
- Clarification of whether and how your organisation is affected by the GDPR
- Clarification of need for action and, if necessary, narrowing down the scope of action
- Legal, technical and organisational support
- Promotion/assurance of data protection compliance
- EU representation according to Art. 27 GDPR
- Mandate as external Data Protection Officer
- Carrying out audits
- Best practice responses on the subject of GDPR
Data protection impact assessment (DPIA)
The European General Data Protection Regulation (GDPR), the new Swiss Data Protection Act (FADP) and the new cantonal data protection laws require a DPIA to be carried out if the relevant requirements are met.
- Clarification of whether DPIA is applicable according to the GDPR, OFADP or cantonal law
- Legal, technical and organisational support
- Promotion/assurance of data protection compliance
- Carrying out audits
- Best practice answers on the subject of DPIA
Protection of personnel data
The legal handling of personnel data in HR is delicate, as more and more processes (e.g. recruiting) run digitally.
- Application of general data protection rules
- Influence of special provisions from labour law
- Legal, technical and organisational support
- Focus: Data processing during the application process (incl. e-recruiting)
- Focus: Data processing during the employment relationship
- Focus: Data processing after termination of the employment relationship
Data protection audits
We check whether legal requirements are met and, for example, whether CRM, ERP or HR applications comply with data protection requirements. However, an audit also focuses on people and their data protection awareness.
Legal consultation IT law
Advice from the team of specialists with tried and tested in-depth knowledge
- Data protection law
- IT law
- Know-how protection
- Labour law and IT
- National and international standards
- Regulations
Responding appropriately in the event of a data breach
We advise you without lead time and formalities on how best to proceed if something happens that you did not want. Data breaches happen quickly: an email sent to the wrong recipient, a USB stick left behind on the train or even a cyber attack that can jeopardise the continuation of business activities. Often, a quick reaction is crucial in order to avert damage or at least keep it as low as possible.
- Status report/analysis of incidents
- Concrete planning of measures
- Clarification/coordination of legal and contractual reporting obligations
- Preparation of basis for decision-making
- Preparation of communication
- Notification of authorities and other stakeholders
