Data protection is omnipresent and accompanies us in our everyday professional and private lives. We advise you on all data protection issues relating to national (new FADP, new Information Security Act, cantonal data protection laws, etc.) and international (GDPR) data protection legislation and answer your data protection questions. We also advise you on the operation of a Privacy Information Management System (PIMS) in accordance with ISO 27701 as a useful addition to your ISMS.
Our competence centre for data protection comprises several lawyers and legal experts. This experience enables practice-oriented solutions and implementation proposals in the areas of data protection and IT law for the benefit of our clients and the affected parties.
No data protection without technical and organisational measures (TOM)! To ensure that technology and organisation mesh perfectly, our data protection specialists work closely with the IT security, information security, physical security, etc. teams. The result of this cooperation: tailor-made and effective data protection solutions.
Hot Topics
We are happy to support your organisation with current challenges such as:
- Electricity Supply Ordinance (StromVV)
- EU Digital Operational Resilience Act (DORA)
- EU Artificial Intelligence Act (AI Act)
- EU Digital Service Act (DSA)
- EU Digital Markets Act (DMA)
- NIS2 policy
- Chinese Cybersecurity and data protection laws
Data protection compliance in accordance with Swiss data protection legislation
Data protection must comply with the previous as well as the new Swiss legal provisions (Swiss Data Protection Act, OFADP, cantonal data protection laws). We support you in identifying the relevant requirements and implementing them in a compliant manner: legally, technically and organisationally.
- Information on significant changes in new data protection laws
- Clarification of need for action
- Legal, technical and organisational support
- Promoting/ensuring data protection compliance
- Audits
- Best practice answers on the topic of new data protection laws
Data protection compliance according to the European General Data Protection Regulation (GDPR)
Thanks to our best practice approach, data protection compliance under GDPR is easier to achieve.
- Clarification of whether and how your organisation is affected by the GDPR
- Clarification of need for action and, if necessary, narrowing down the scope of action
- Legal, technical and organisational support
- Promotion/assurance of data protection compliance
- EU representation according to Art. 27 GDPR
- Mandate as external Data Protection Officer
- Carrying out audits
- Best practice responses on the subject of GDPR
Data protection impact assessment (DPIA)
The European General Data Protection Regulation (GDPR), the new Swiss Data Protection Act (FADP) and the new cantonal data protection laws require a DPIA to be carried out if the relevant requirements are met.
- Clarification of whether DPIA is applicable according to the GDPR, OFADP or cantonal law
- Legal, technical and organisational support
- Promotion/assurance of data protection compliance
- Carrying out audits
- Best practice answers on the subject of DPIA
Legal consultancy on IT law and digital legal issues
Digital projects are becoming more and more complex. Cloud services, AI systems and data-driven applications raise challenging legal questions about contracts, liability and governance.
Our legal expertise provides clarity in dealing with modern technology. It combines data protection, contract drafting, intellectual property and compliance into a reliable framework so that innovations can be implemented in a transparent, secure and legally compliant manner.
Our team of specialists will help you to ensure that your IT and digital projects are legally compliant.
Processing rules
The processing rules are a key instrument of risk-based data protection and serve as internal proof of data protection compliance.
It describes how automated data processing is structured, controlled and technically secured in your organisation. It specifies who is responsible, which workflows apply and which protective measures are implemented.
The obligation to prepare processing rules applies to private controllers and federal bodies, as well as their processors, if particularly sensitive personal data is processed automatically or other high-risk forms of data processing are carried out.
Protection of personnel data
The legal handling of personnel data in HR is delicate, as more and more processes (e.g. recruiting) run digitally.
- Application of general data protection rules
- Influence of special provisions from labour law
- Legal, technical and organisational support
- Focus: Data processing during the application process (incl. e-recruiting)
- Focus: Data processing during the employment relationship
- Focus: Data processing after termination of the employment relationship
Data protection audits
We check whether legal requirements are met and, for example, whether CRM, ERP or HR applications comply with data protection requirements. However, an audit also focuses on people and their data protection awareness.
Mandate: Data Protection Officer (DPO)
Data protection in the best hands: Ensures compliance with the requirements of the Swiss FADP and/or GDPR.
Responding appropriately in the event of a data breach
We advise you without lead time and formalities on how best to proceed if something happens that you did not want. Data breaches happen quickly: an email sent to the wrong recipient, a USB stick left behind on the train or even a cyber attack that can jeopardise the continuation of business activities. Often, a quick reaction is crucial in order to avert damage or at least keep it as low as possible.
- Status report/analysis of incidents
- Concrete planning of measures
- Clarification/coordination of legal and contractual reporting obligations
- Preparation of basis for decision-making
- Preparation of communication
- Notification of authorities and other stakeholders
