Our Data Protection Services
Audits / Verifications
The first step is to carry out a comprehensive gap analysis – in accordance with either the Swiss Data Protection Act (DSG) or the European General Data Protection Regulation (GDPR) – in line with your company's data categories.
A data protection gap analysis is the perfect solution if you just want to examine a specific aspect in greater detail. For example, this could be all the services that you commission where personal data is processed on your behalf or where there are potential opportunities for service providers to access this kind of data. Or maybe you just want to have your website's data protection declaration thoroughly checked to prevent any potential complaints? Gap analysis is the right approach here too.
With our Data Protection Gap Analysis you get:
- An overview of the actual situation in terms of data protection maturity
- A review of the measures that have been implemented
- A detailed report with recommendations
The external GDPR web audit looks for any such security gaps and helps you to comply with the GDPR recommendations.
With our Data Protection Gap Analysis you get:
- Analysis and assessment of the confidential information according to GDPR
- Identification of divergences from the GDPR recommendation
- Tracking software identified
- A one-off check of GDPR-related IT security features by an independent cyber security expert
Awareness
Continuously addressing the issue of data protection ensures that your employees develop an even greater awareness and behave in the correct way, and do so intuitively.
E-Learning Course: Data Protection Principles Switzerland for Employees
The Swiss Federal Data Protection Act (DSG) lays down the provisions for processing personal data in Switzerland. There is an e-learning course that provides your employees with the basic practical knowledge of this legal regulation and that demonstrates how to implement it internally.
- The meaning of data protection
- The Data Protection Act (CH-DSG and VDSG)
- Personal data and sensitive personal data
- Right to information on data protection
- Data Protection Officer
- Laws and regulations
- Disclosure of information
- Company monitoring objectives
- Classification of data and information
- Data security
- Data protection principles
- Quiz
E-Learning Course: The EU General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) has established a consistent data protection law in force throughout the European Union. It applies to all organisations that process the personal data of EU citizens.
- Introduction to Data Protection
- The EU General Data Protection Regulation
- The market place principle
- Examples of address lists
- Personal data
- Special categories of personal data
- Data protection stakeholders
- Principles for processing personal data
- Rights of the data subject and obligations of the data controller
- Data transmission to non-EU countries
- Data Protection Officer
- Quiz
Consulting
Personal data is circulating faster and more frequently, especially with digitalisation. This means that the legally compliant operation of business processes is required, and companies must define clear rules for protecting personal data.
We will assist you with analysing and defining an appropriate data protection strategy and with implementing it.
- Consulting on data protection compliant business processes
- Creation of CH-DSG / GDPR compliant documents
- Data Protection Impact Assessment (DSFA)
- Consulting on technical and organisational measures
A data protection impact assessment (DSFA), in accordance with Art. 35 of the GDPR, must be carried out prior to personal data being processed.
The GDPR lists the following examples of cases in which carrying out an assessment is obligatory:
- Systematic and comprehensive assessment of personal aspects of natural persons
- Large-scale processing of sensitive data or personal data on criminal convictions or offences
- Systematic, comprehensive monitoring of areas with public access
- Execution of the Data Protection Impact Assessment (DSFA)
- Establishment of regular, continuous data protection impact assessment (DSFA)
The introduction of the GDPR has marked the beginning of a new era in data protection, as all countries and companies now have to work with this regulation. The GDPR governs the process of acquiring new customers, making personal data publicly available, promoting products and creating personalised advertising. All this and much more is regulated by the GDPR in terms of user data protection throughout Europe. The requirements for systems and processes have also been defined.
The new Data Protection Act is also expected to come into force in Switzerland in 2020. This means that new systems and processes must be designed to comply with the DSG and GDPR, so that in principle no major additional expenditure will be incurred when the new legislation is introduced.
Our data protection experts will guide you on the way to DSG / GDPR compliance with your online marketing – from the first kick-off meeting to the practical implementation of day-to-day work. Benefit from our expertise and ensure your company's success on the web and in complying with data protection regulations! We will support you in a variety of areas including:
- Specific DSG and GDPR requirements for handling personal data in online marketing campaigns
- Creation of a DSG- and GDPR-compliant Online Data Protection Statement / Disclaimer
- DSG and GDPR and the effects on CRM systems
- Social media marketing and the DSG / GDPR
- E-Mail marketing opt-in / opt-out
- Analytics, cookies, tracking and many other subject areas
Data protection certifications create trust. A data protection seal of approval, for example the "ePrivacy Label", tells your customers that your data is highly secure and complies with the provisions of data protection legislation.
The ePrivacyseal™ is available in two versions:
- The CH ePrivacyseal™ Swiss quality seal confirms compliance with the Swiss list of criteria, which includes the provisions of Swiss data protection legislation.
- The EU ePrivacyseal™ certifies compliance with the ePrivacyseal list of criteria, which includes the provisions of EU data protection law according to the EU General Data Protection Regulation. This seal of quality is not an accredited procedure within the meaning of Art. 42, 43 of the GDPR.
InfoGuard will assist you with the following tasks:
- Assistance with ePrivacyseal™ certification
- Technical assessment, analysis and implementation of security measures
Implementation
The external Data Protection Coordinator (DPC) supports the operational DPO in his tasks according to CH-DSG and / or GDPR. According to CH-DSG, the tasks and duties of a Data Protection Coordinator include, among others:
- Contact point for data subjects and for the authorities responsible for data protection in Switzerland
- Training and advising the data controller on data protection issues
- Participation in the application of data protection regulations
The HiScout GRC Suite's data protection management module will help you satisfy your documentation obligations under the EU GDPR:
- Data protection impact assessment, processing activity directory, authorisation concepts, deletion concepts
- Complete data model for all aspects of the GRC (Governance, Risk Management and Compliance) environment
- Adapting work views to meet individual needs
- Data evaluation
- Generic interface technology for connecting additional systems
An ever increasing number of business processes are being outsourced to service providers. For many companies, selecting and verifying suppliers who process order data is a major challenge.
- Creation of guidelines for contract data processing
- Registration and documentation of existing service relationships and review of contracts for contract data processing
- Creation of a contract data processing inventory
- Risk assessments for individual service providers and service level agreements
InfoGuard – Your partner for data protection
At InfoGuard, our data protection experts are there to assist you with all aspects of the Swiss Data Protection Act (DSG) and the European General Data Protection Regulation (GDPR). The benefits to you are:
- Access to a variety of data protection experts with different specialisations
- Long-standing experience in a wide range of industries and with national and international data protection regulations
- A broad range of skills in all areas of data protection, cyber security and defence, thanks to InfoGuard's 360° approach
- Rapid access to additional InfoGuard specialists, e.g. from the fields of penetration testing, security awareness, engineering and cyber defence
- Cooperation with specialist legal offices for statutory data protection issues