Privacy Legal | Daniela Fabian

We assist you in designing, developing and implementing appropriate and customized data privacy management practices and governance structures, tailored to your organization and business needs, that enable your company to ensure adequate compliance with privacy laws and regulations and be better prepared to respond to privacy, cyber and data protection issues. 

In response to the current legal developments in the EU (new General Data Protection Regulation, Privacy Shield), Switzerland (revision of the Data Protection Act) and other countries, we assist you in reviewing and adapting your privacy management program to ensure compliance with the new rules and be prepare to demonstrate your accountability. 

Our appraoch to privacy governance involves standards based on laws, regulations and general privacy principles, processes and procedures determining actions and behaviours to comply with the standards, awareness programs and tools, defined roles and responsibilities and clear accountability to ensure effective and sustainable implementation of legal and regulatory privacy requirements as well as controls providing assurance and supporting risk mitigation. 

Our services:

Program scope and strategy

We assist you in defining your program scope and the strategy appropriate to your organization and business based on an initial assessment.

Governance structure

We support you in establishing an effective governance structure and defining roles and responsibilities.

Privacy policy framework

We help you in developing a policy framework consisting of standards, policies and procedures for privacy program implementation.

Binding Corporate Rules

We assist you in designing Binding Corporate Rules (BCR) for your organization, driving the authorization process in the EU and Switzerland and effectively implementing the BCR across your enterprise.

Data transfer governance

We advise you on appropriate governance models for transferring personal information globally within your organization and to third parties and assist you in implementing the defined solutions. 

Awareness and training

We conceptualize and deliver sustainable and interactive general and specific privacy trainings and awareness campaigns tailored to different levels of the organization and business functions. 

Risk management

We assist you in designing and implementing effective privacy controls, compliance and risk assessments and audit frameworks to ensure sustainable compliance, demonstrate accountability and mitigate risks. We conduct privacy audits within your organization or assist your internal audit team with expert advise. 

Swiss companies may designate a data protection officer who independently monitors the processing of personal data and maintains a list of data files containing personal information. By appointing a data protection officer, companies are released from the duty to register their data files with the Federal Data Protection and Information Commissioner.

Such data protection officer can be an employee of the company or an external third party.

We assume the role and the responsibilities of an external data protection officer for your company according to the Swiss Data Protection Act and based on a specific mandate and your formal designation.

What are the advantages of designating us as your external data protection officer?


  • have extensive experience in performing the role of a global and Swiss data protection officer
  • carry out our duties independently and without any conflicts of interests
  • provide specialist knowledge in data privacy and are up-to-date with the latest developments in data protection at Swiss and European level
  • offer a flexible service package according to your specific needs


  • ensure compliance with Swiss data protection laws
  • have a competent and experienced partner effectively supporting you in your compliance efforts
  • obtain expert knowledge and know-how without any need to build expertise in-house
  • free up internal resources
  • are released from the duty to register your data files with the Federal Data Protection and Information Commissioner

Our services:

Monitoring personal data processing

We monitor the processing of your personal data through regular privacy compliance and impact assessments, identify privacy gaps and risks, recommend and supervise remediation actions.

Maintaining a list of data files

We maintain a list of data files containing personal data. This will include:

  • designing and setting-up of procedures and processes
  • training the organizations operating such data files
  • keeping the list up-to-date and available to the Federal Data Protection and Information Commissioner and individuals concerned and
  • conducting regular reviews

Further services

Based on your needs, we provide additional services that may include:

  • Development and implementation of data privacy management practices
  • Legal advice in day-to-day privacy-related matters
  • Development and review of templates and tools
  • Risk management
  • Privacy incident and complaint handling
  • Development and delivery of awareness and training programs to the organization