Our Data Protection Services

Audits / Verifications

The first step is to carry out a comprehensive gap analysis – in accordance with either the Swiss Data Protection Act (DSG) or the European General Data Protection Ordinance (GDPR) – in line with your company's data categories.

A data protection gap analysis is the perfect solution if you just want to examine a specific aspect in greater detail. For example, this could be all the services that you commission where personal data is processed on your behalf or where there are potential opportunities for service providers to access this kind of data. Or maybe you just want to have your website's data protection declaration thoroughly checked to prevent any potential complaints? Gap analysis is the right approach here too.

With our Data Protection Gap Analysis you get:

  • An overview of the actual situation in terms of data protection maturity
  • A review of the measures that have been implemented
  • A detailed report with recommendations

The external GDPR web audit looks for any such security gaps and helps you to comply with the GDPR recommendations.
With our Data Protection Gap Analysis you get:

  • Analysis and assessment of the confidential information according to GDPR
  • Identification of divergences from the GDPR recommendation
  • Tracking software identified
  • A one-off check of GDPR-related IT security features by an independent cyber security expert

GDPR Web Audit

Awareness

Continuously addressing the issue of data protection ensures that your employees develop an even greater awareness and behave in the correct way, and do so intuitively.

E-Learning Course: Data Protection Principles Switzerland for Employees

The Swiss Federal Data Protection Act (DSG) lays down the provisions for processing personal data in Switzerland. There is an e-learning course that provides your employees with the basic practical knowledge of this legal regulation and that demonstrates how to implement it internally.

  • The meaning of data protection
  • The Data Protection Act (CH-DSG and VDSG)
  • Personal data and sensitive personal data
  • Right to information on data protection
  • Data Protection Officer
  • Laws and regulations
  • Disclosure of information
  • Company monitoring objectives
  • Classification of data and informationData security
  • Data protection principles
  • Quiz

E-Learning Course: The EU General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR) has established a consistent data protection law in force throughout the European Union. It applies to all organisations that process the personal data of EU citizens.

  • Introduction to Data Protection
  • The EU General Data Protection Regulation
  • The market place principle
  • Examples of address lists
  • Personal data
  • Special categories of personal data
  • Data protection stakeholders
  • Principles for processing personal data
  • Rights of the data subject and obligations of the data controller
  • Data transmission to non-EU countries
  • Data Protection Officer
  • Quiz

Consulting

Personal data is circulating faster and more frequently, especially with digitalisation. This means that the legally compliant operation of business processes is required, and companies must define clear rules for protecting personal data.

We will assist you with analysing and defining an appropriate data protection strategy and with implementing it.

  • Consulting on data protection compliant business processes
  • Creation of CH-DSG / GDPR compliant documents
  • Data Protection Impact Assessment (DSFA)
  • Consulting on technical and organisational measures

A data protection impact assessment (DSFA), in accordance with Art. 35 of the GDPR, must be carried out prior to personal data being processed.

The GDPR lists the following examples of an obligation to implement:

  • Systematic and comprehensive assessment of personal aspects of natural persons
  • Large-scale processing of sensitive data or personal data on criminal convictions or offences
  • Systematic, comprehensive monitoring of areas with public access
  • Execution of the Data Protection Impact Assessment (DSFA)
  • Establishment of regular, continuous data protection impact assessment (DSFA)

The introduction of the GDPR has marked the beginning of a new era in data protection, as all countries and companies now have to work with this regulation. The GDPR governs the process of acquiring new customers, making personal data publicly available, promoting products, creating personalised advertising. All this and much more is regulated by the GDPR in terms of user data protection throughout Europe. The requirements for systems and processes have also been defined.

The new Data Protection Act is also expected to come into force in Switzerland in 2020. This means that new systems and processes must be designed to comply with the DSG and GDPR, so that in principle no major additional expenditure will be incurred when the new legislation is introduced.

Our data protection experts will guide you on the way to DSG / GDPR compliance with your online marketing – from the first kick-off meeting to the practical implementation of day-to-day work. Benefit from our expertise and ensure your company's success on the web and in complying with data protection regulations! We will support you in a variety of areas including:

  • Specific DSG and GDPR requirements for handling personal data in online marketing campaigns
  • Creating of a DSG and GDPR-compliant Online Data Protection Statement / Disclaimer
  • DSG and GDPR and the effects on CRM systems
  • Social media marketing and the DSG / GDPR
  • E-Mail marketing opt-in / opt-out
  • Analytics, cookies, tracking and many other subject areas

Data protection certifications create trust. A data protection seal of approval, for example the "ePrivacy Label", tells your customers that your data is highly secure and complies with the provisions of data protection legislation.

The ePrivacyseal™ is available in two versions:

  • The CH ePrivacyseal™ Swiss quality seal confirms compliance with the Swiss list of criteria, which includes the provisions of Swiss data protection legislation.
  • The EU ePrivacyseal™ certifies compliance with the ePrivacyseal list of criteria, which includes the provisions of EU data protection law according to the EU General Data Protection Regulation. This seal of quality is not an accredited procedure within the meaning of Art. 42, 43 of the GDPR.

InfoGuard will assist you with the following tasks:

  • Assistance with ePrivacy Seal (TM) certification
  • Technical assessment, analysis and implementation of security measures

Implementation

Companies are processing an ever-increasing amount of data – the keyword is "digital transformation". This is why it makes sense for many companies to appoint an employee to carry out the role of data protection officer, either internally or outsourcing it by means of a contract. However, in many cases the second variant is more worthwhile (Art. 39 GDPR), although the Swiss DPA, on the other hand, does not mention explicit tasks and duties to be carried out.

  • Implementing business decisions
  • Compliance with the currently data protection regulations in force
  • Internal and external contact
  • Verifying the processing of personal data and the processing register
  • Cooperation with data protection authorities

The HiScout GRC Suite's data protection management module will help you satisfy your documentation obligations under the EU GDPR:

  • Data protection impact assessment, processing activity directory, authorisation concepts, deletion concepts
  • Complete data model for all aspects of the GRC (Governance, Risk Management And Compliance) environment
  • Adapting work views to meet individual needs
  • Data evaluation
  • Generic interface technology for connecting additional systems

An ever increasing number of business processes are being outsourced to service providers. For many companies, selecting and verifying suppliers who process order data is a major challenge.

  • Creation of guidelines for contract data processing
  • Registration and documentation of existing service relationships and review of contracts for contract data processing
  • Creation of a contract data processing inventory
  • Risk assessments for individual service providers and service level agreements

InfoGuard – Your partner for all aspects of data protection

At InfoGuard, our data protection experts are there to assist you with all aspects of the Swiss Data Protection Act (DSG) and the European General Data Protection Regulation (GDPR). The benefits to you are:

  • Access to a variety of data protection experts with different specialisations
  • Long-standing experience in a wide range of industries and with national and international data protection regulations
  • A broad range of skills in all areas of data protection, cyber security and defence, thanks to InfoGuard's 360° approach
  • Rapid access to additional InfoGuard specialists, e.g. from the fields of penetration testing, security awareness, engineering and cyber defence
  • Cooperation with specialist legal offices for statutory data protection issues

Contact us now!