Our Data Protection Services
Audits / Verifications
The first step is to carry out a comprehensive gap analysis – in accordance with either the Swiss Data Protection Act (DSG) or the European General Data Protection Regulation (GDPR) – in line with your company's data categories.
A data protection gap analysis is the perfect solution if you just want to examine a specific aspect in greater detail. For example, this could be all the services that you commission where personal data is processed on your behalf or where there are potential opportunities for service providers to access this kind of data. Or maybe you just want to have your website's data protection declaration thoroughly checked to prevent any potential complaints? Gap analysis is the right approach here too.
With our Data Protection Gap Analysis you get:
- An overview of the actual situation in terms of data protection maturity
- A review of the measures that have been implemented
- A detailed report with recommendations
The external GDPR web audit looks for any such security gaps and helps you to comply with the GDPR recommendations.
With our Data Protection Gap Analysis you get:
- Analysis and assessment of the confidential information according to GDPR
- Identification of divergences from the GDPR recommendation
- Tracking software identified
- A one-off check of GDPR-related IT security features by an independent cyber security expert
Continuously addressing the issue of data protection ensures that your employees develop an even greater awareness and behave in the correct way, and do so intuitively.
E-Learning Course: Data Protection Principles Switzerland for Employees
The Swiss Federal Data Protection Act (DSG) lays down the provisions for processing personal data in Switzerland. There is an e-learning course that provides your employees with the basic practical knowledge of this legal regulation and that demonstrates how to implement it internally.
- The meaning of data protection
- The Data Protection Act (CH-DSG and VDSG)
- Personal data and sensitive personal data
- Right to information on data protection
- Data Protection Officer
- Laws and regulations
- Disclosure of information
- Company monitoring objectives
- Classification of data and information
- Data security
- Data protection principles
The EU General Data Protection Regulation (GDPR) has established a consistent data protection law in force throughout the European Union. It applies to all organisations that process the personal data of EU citizens.
- Introduction to Data Protection
- The EU General Data Protection Regulation
- The market place principle
- Examples of address lists
- Personal data
- Special categories of personal data
- Data protection stakeholders
- Principles for processing personal data
- Rights of the data subject and obligations of the data controller
- Data transmission to non-EU countries
- Data Protection Officer
Personal data is circulating faster and more frequently, especially with digitalisation. This means that the legally compliant operation of business processes is required, and companies must define clear rules for protecting personal data.
We will assist you with analysing and defining an appropriate data protection strategy and with implementing it.
- Consulting on data protection compliant business processes
- Creation of CH-DSG / GDPR compliant documents
- Data Protection Impact Assessment (DSFA)
- Consulting on technical and organisational measures
A data protection impact assessment (DSFA), in accordance with Art. 35 of the GDPR, must be carried out prior to personal data being processed.
The GDPR lists the following examples of an obligation to implement:
- Systematic and comprehensive assessment of personal aspects of natural persons
- Large-scale processing of sensitive data or personal data on criminal convictions or offences
- Systematic, comprehensive monitoring of areas with public access
- Execution of the Data Protection Impact Assessment (DSFA)
- Establishment of regular, continuous data protection impact assessment (DSFA)
The new Data Protection Act is also expected to come into force in Switzerland in 2020. This means that new systems and processes must be designed to comply with the DSG and GDPR, so that in principle no major additional expenditure will be incurred when the new legislation is introduced.
Our data protection experts will guide you on the way to DSG / GDPR compliance with your online marketing – from the first kick-off meeting to the practical implementation of day-to-day work. Benefit from our expertise and ensure your company's success on the web and in complying with data protection regulations! We will support you in a variety of areas including:
- Specific DSG and GDPR requirements for handling personal data in online marketing campaigns
- Creation of a DSG- and GDPR-compliant Online Data Protection Statement / Disclaimer
- DSG and GDPR and the effects on CRM systems
- Social media marketing and the DSG / GDPR
- E-Mail marketing opt-in / opt-out
- Analytics, cookies, tracking and many other subject areas
Data protection certifications create trust. A data protection seal of approval, for example the "ePrivacy Label", tells your customers that your data is highly secure and complies with the provisions of data protection legislation.
The ePrivacyseal™ is available in two versions:
- The CH ePrivacyseal™ Swiss quality seal confirms compliance with the Swiss list of criteria, which includes the provisions of Swiss data protection legislation.
- The EU ePrivacyseal™ certifies compliance with the ePrivacyseal list of criteria, which includes the provisions of EU data protection law according to the EU General Data Protection Regulation. This seal of quality is not an accredited procedure within the meaning of Art. 42, 43 of the GDPR.
InfoGuard will assist you with the following tasks:
- Assistance with ePrivacyseal™ certification
- Technical assessment, analysis and implementation of security measures
Companies are processing an ever-increasing amount of data – the keyword is "digital transformation". This is why it makes sense for many companies to appoint a data protection officer, either by assigning the role to an employee internally or by outsourcing it by means of a contract. However, in many cases the second variant is more worthwhile (Art. 39 GDPR), although the Swiss DPA, on the other hand, does not mention explicit tasks and duties to be carried out.
- Implementing business decisions
- Compliance with the data protection regulations currently in force
- Internal and external contact
- Verifying the processing of personal data and the processing register
- Cooperation with data protection authorities
The HiScout GRC Suite's data protection management module will help you satisfy your documentation obligations under the EU GDPR:
- Data protection impact assessment, processing activity directory, authorisation concepts, deletion concepts
- Complete data model for all aspects of the GRC (Governance, Risk Management and Compliance) environment
- Adapting work views to meet individual needs
- Data evaluation
- Generic interface technology for connecting additional systems
An ever increasing number of business processes are being outsourced to service providers. For many companies, selecting and verifying suppliers who process order data is a major challenge.
- Creation of guidelines for contract data processing
- Registration and documentation of existing service relationships and review of contracts for contract data processing
- Creation of a contract data processing inventory
- Risk assessments for individual service providers and service level agreements
InfoGuard – Your partner for all aspects of data protection
At InfoGuard, our data protection experts are there to assist you with all aspects of the Swiss Data Protection Act (DSG) and the European General Data Protection Regulation (GDPR). The benefits to you are:
- Access to a variety of data protection experts with different specialisations
- Long-standing experience in a wide range of industries and with national and international data protection regulations
- A broad range of skills in all areas of data protection, cyber security and defence, thanks to InfoGuard's 360° approach
- Rapid access to additional InfoGuard specialists, e.g. from the fields of penetration testing, security awareness, engineering and cyber defence
- Cooperation with specialist legal offices for statutory data protection issues