We assist you in designing, developing and implementing appropriate and customized data privacy management practices and governance structures, tailored to your organization and business needs, that enable your company to ensure adequate compliance with privacy laws and regulations and be better prepared to respond to privacy, cyber and data protection issues.
In response to the current legal developments in the EU (new General Data Protection Regulation, Privacy Shield), Switzerland (revision of the Data Protection Act) and other countries, we assist you in reviewing and adapting your privacy management program to ensure compliance with the new rules and be prepare to demonstrate your accountability.
Our appraoch to privacy governance involves standards based on laws, regulations and general privacy principles, processes and procedures determining actions and behaviours to comply with the standards, awareness programs and tools, defined roles and responsibilities and clear accountability to ensure effective and sustainable implementation of legal and regulatory privacy requirements as well as controls providing assurance and supporting risk mitigation.
Program scope and strategy
We assist you in defining your program scope and the strategy appropriate to your organization and business based on an initial assessment.
We support you in establishing an effective governance structure and defining roles and responsibilities.
We help you in developing a policy framework consisting of standards, policies and procedures for privacy program implementation.
Binding Corporate Rules
We assist you in designing Binding Corporate Rules (BCR) for your organization, driving the authorization process in the EU and Switzerland and effectively implementing the BCR across your enterprise.
Data transfer governance
We advise you on appropriate governance models for transferring personal information globally within your organization and to third parties and assist you in implementing the defined solutions.
Awareness and training
We conceptualize and deliver sustainable and interactive general and specific privacy trainings and awareness campaigns tailored to different levels of the organization and business functions.
We assist you in designing and implementing effective privacy controls, compliance and risk assessments and audit frameworks to ensure sustainable compliance, demonstrate accountability and mitigate risks. We conduct privacy audits within your organization or assist your internal audit team with expert advise.
We assist you in the development and review of your business practices, systems and contracts to ensure compliance with applicable laws and regulations and minimize legal and commercial risks.
Documents, templates and tools
We draft or review contractual language, data transfer agreements, notices, consent forms and disclaimers, policies, procedures, etc. as well as standardized and specific templates and tools, including inventories of data files.
We review and evaluate privacy impact assessments, compliance and risk assessments as well as vendor audits.
We assist you in all privacy-relevant aspects relating to the selection and assessment of your vendors as well as in the review and drafting of privacy contractual clauses and negotiations.
Data security breach
We help you in designing procedures for handling data security breaches, including notification management and remediation steps and assist you in case of a data security breach.
Legal and strategic advice
We provide legal expert and strategic advice relating to a broad range of business processes with privacy implications, including but not limited to areas such as:
- IT, Outsourcing and cloud computing
- Cross-border data transfers
- Global data management systems
- Medical health and research
- CRM systems
- Tracking, data analytics, cookies
- HR, employee monitoring, background checks
- E-mail and internet
- Mobile apps.
- Social Media, Communication
- Access requests and complaint handling
- Data breach notifications
Swiss companies may designate a data protection officer who independently monitors the processing of personal data and maintains a list of data files containing personal information. By appointing a data protection officer, companies are released from the duty to register their data files with the Federal Data Protection and Information Commissioner.
Such data protection officer can be an employee of the company or an external third party.
We assume the role and the responsibilities of an external data protection officer for your company according to the Swiss Data Protection Act and based on a specific mandate and your formal designation.
What are the advantages of designating us as your external data protection officer?
- have extensive experience in performing the role of a global and Swiss data protection officer
- carry out our duties independently and without any conflicts of interests
- provide specialist knowledge in data privacy and are up-to-date with the latest developments in data protection at Swiss and European level
- offer a flexible service package according to your specific needs
- ensure compliance with Swiss data protection laws
- have a competent and experienced partner effectively supporting you in your compliance efforts
- obtain expert knowledge and know-how without any need to build expertise in-house
- free up internal resources
- are released from the duty to register your data files with the Federal Data Protection and Information Commissioner
Monitoring personal data processing
We monitor the processing of your personal data through regular privacy compliance and impact assessments, identify privacy gaps and risks, recommend and supervise remediation actions.
Maintaining a list of data files
We maintain a list of data files containing personal data. This will include:
- designing and setting-up of procedures and processes
- training the organizations operating such data files
- keeping the list up-to-date and available to the Federal Data Protection and Information Commissioner and individuals concerned and
- conducting regular reviews
Based on your needs, we provide additional services that may include:
- Development and implementation of data privacy management practices
- Legal advice in day-to-day privacy-related matters
- Development and review of templates and tools
- Risk management
- Privacy incident and complaint handling
- Development and delivery of awareness and training programs to the organization