DATA SECURITY SERVICES

To ensure compliance with data protection legislation and identify potential risks, it is advisable to carry out a comprehensive gap analysis. This process examines how well your company's data protection practices comply with the requirements of the Swiss Data Protection Act (DPA) and the European General Data Protection Regulation (GDPR). The analysis should include the following points:

1. Identification of current data protection maturity: A thorough investigation of current data protection practices and processes to understand how personal data is handled within the organization.
2. Review of the implemented measures: Assessment of existing data protection measures and policies to ensure that they comply with legal requirements and are effectively implemented.
3. Preparation of a detailed report with recommendations: Once the analysis is complete, a detailed report is prepared that highlights the gaps identified and provides specific recommendations for improvements and measures to increase data protection compliance.

This gap analysis is a crucial step in ensuring that your company not only complies with legal requirements, but also builds customer and partner trust in terms of data protection and data security.

The external GDPR web audit looks for any such security gaps and helps you to comply with the GDPR recommendations.
With our Data Protection Gap Analysis you get:

• Analysis and assessment of the confidential information according to GDPR
• Identification of divergences from the GDPR recommendation
• Tracking software identified
• A one-off check of GDPR-related IT security features by an independent cyber security expert

Continuously addressing the issue of data protection ensures that your employees develop an even greater awareness and behave in the correct way, and do so intuitively.

E-Learning Course: Data Protection Principles Switzerland for Employees

The Swiss Federal Data Protection Act (DSG) lays down the provisions for processing personal data in Switzerland. There is an e-learning course that provides your employees with the basic practical knowledge of this legal regulation and that demonstrates how to implement it internally.

• The meaning of data protection
• The Data Protection Act (CH-DSG and VDSG)
• Personal data and sensitive personal data
• Right to information on data protection
• Data Protection Officer
• Laws and regulations
• Disclosure of information
• Company monitoring objectives
• Classification of data and informationData security
• Data protection principles
• Quiz

E-Learning Course: The EU General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR) has established a consistent data protection law in force throughout the European Union. It applies to all organisations that process the personal data of EU citizens.

• Introduction to Data Protection
• The EU General Data Protection Regulation
• The market place principle
• Examples of address lists
• Personal data
• Special categories of personal data
• Data protection stakeholders
• Principles for processing personal data
• Rights of the data subject and obligations of the data controller
• Data transmission to non-EU countries
• Data Protection Officer
• Quiz

Personal data is circulating faster and more frequently, especially with digitalisation. This means that the legally compliant operation of business processes is required, and companies must define clear rules for protecting personal data.

We will assist you with analysing and defining an appropriate data protection strategy and with implementing it.

• Consulting on data protection compliant business processes
• Creation of CH-DSG / GDPR compliant documents
• Data Protection Impact Assessment (DSFA)
• Consulting on technical and organisational measures

A data protection impact assessment (DPIA) is an essential tool for ensuring data protection compliance when processing personal data. Although the GDPR is specifically aimed at EU Member States, its principles and requirements are also relevant and applicable under the Swiss Data Protection Act (DPA), especially when it comes to cross-border data processing.

The DPIA must be carried out before any processing of personal data begins, especially in cases such as:

1. Systematic  and comprehensive assessment of personal aspects relating to natural persons: This involves procedures that analyze or predict personal data.
2. Extensive processing of sensitive data or data relating to criminal convictions or offenses: This refers to large amounts of special categories of personal data.
3. Systematic, extensive monitoring of publicly accessible areas: This includes the ongoing or systematic monitoring of a publicly accessible area.

Performing DPIAs on a regular and continuous basis is a fundamental practice to ensure data protection compliance in dynamic and rapidly evolving processing environments. It is important that companies that process personal data consider this process as an integral part of their data protection management system and integrate it into their operational procedures.

The introduction of the GDPR in 2018 set a new standard in data protection across Europe. This regulation affects the way in which companies process personal data, from new customer acquisition to personalized advertising. At the same time, a new Data Protection Act (DPA) came into force in Switzerland on 1 September 2023, further modernizing data protection practices within the country and aligning them with international standards. This law places similar requirements on the processing of personal data and requires companies to adapt their systems and processes accordingly in order to be compliant with both the DPA and the GDPR.

Our data protection experts support you in implementing these requirements in your online marketing. From conception to operational implementation, we are at your side to ensure that your company operates successfully and in compliance with data protection regulations on the web. Our services include:

• Advice on specific requirements of the FADP and GDPR for the handling of personal data in online marketing.
• Support in the creation of an online data protection declaration / disclaimer that complies with the DPA and GDPR.
• Advice on integrating the DPA and GDPR into CRM systems.
• Guidance for social media marketing taking into account the DSG / GDPR.
• Implementation of email marketing strategies with opt-in / opt-out options.
• Support with analytics, cookies, tracking and many other data protection topics.

With our expertise, you can be sure that your company complies with current data protection standards and at the same time operates effectively in online marketing.

Data protection certifications create trust. A data protection seal of approval, for example the "ePrivacy Label", tells your customers that your data is highly secure and complies with the provisions of data protection legislation.

The ePrivacyseal™ is available in two versions:

• The CH ePrivacyseal™ Swiss quality seal confirms compliance with the Swiss list of criteria, which includes the provisions of Swiss data protection legislation.
• The EU ePrivacyseal™ certifies compliance with the ePrivacyseal list of criteria, which includes the provisions of EU data protection law according to the EU General Data Protection Regulation. This seal of quality is not an accredited procedure within the meaning of Art. 42, 43 of the GDPR.

InfoGuard will assist you with the following tasks:

• Assistance with ePrivacy Seal (TM) certification
• Technical assessment, analysis and implementation of security measures

The external Data Protection Coordinator (DPC) provides support for the company Data Protection Officer (DPO) in accordance with the Data Protection Act (DPA) and / or the GDPR. According to the DPA, the following tasks and duties of a data protection officer are defined, among others:

• Contact point for data subjects and authorities: The DPO serves as the central contact person for persons affected by data processing and for the authorities responsible for data protection in Switzerland.
• Training and advice: The DPO trains and advises the data controller on data protection issues to ensure that the data protection regulations are correctly applied and complied with within the company.
• Participation in the application of data protection regulations: The DPO plays an active role in the implementation and monitoring of data protection regulations within the company.

The use of an external DPC strengthens the effectiveness of the DPO by providing additional expertise and resources to ensure compliance with data protection regulations under both the DPA and the GDPR.

The HiScout GRC Suite's data protection management module will help you satisfy your documentation obligations under the EU GDPR:

• Data protection impact assessment, processing activity directory, authorisation concepts, deletion concepts
• Complete data model for all aspects of the GRC (Governance, Risk Management And Compliance) environment
• Adapting work views to meet individual needs
• Data evaluation
• Generic interface technology for connecting additional systems

An ever increasing number of business processes are being outsourced to service providers. For many companies, selecting and verifying suppliers who process order data is a major challenge.

• Creation of guidelines for contract data processing
• Registration and documentation of existing service relationships and review of contracts for contract data processing
• Creation of a contract data processing inventory
• Risk assessments for individual service providers and service level agreements