Skip to content Skip to footer
Site Search

Menu

Services

Menu

Private Wealth & Entrepreneurs

Menu

Family business & SME consulting

Featured

ESG: Criteria and Implementation

Cybersecurity

Menu

Events

Loading Results

Data Protection Services

Helping our clients to control and protect their personal data and unlock their value in a compliant way

In today’s world, protecting personal data through a robust data protection organization and governance is “key”. In fact, significant consequences arose for companies (including Swiss) upon the entry into force of the EU General Data Protection Regulation ("GDPR") in May 2018. Many countries globally have followed this regulatory trend.

In Switzerland, the revised Swiss Data Protection Act ("DPA") is expected to apply from 1. September 2023. Compared to the current DPA, the revised DPA will entail significant tightening of the law. In many respects, the revised DPA aims to align with the regulation in the European Union, but some aspects differ from the GDPR ("Swiss Finish"). Notably, under the DPA, natural persons acting on behalf of a company (as the responsible party) may be personally liable to prosecution. Swiss companies should therefore review their existing data protection framework, carefully analyze the “gaps” to the revised DPA and take the necessary measures timely, in order to be DPA-ready on September 1, 2023.

The three pillars of our data protection service

Compliance with data law regulations

Data protection laws require the ability to identify, control and react to data protection risks.

Managing data as a strategy

Your company can achieve a "gold standard" in handling personal data and builds trust with customers.

Cyberlaw

We offer an integrated solution with legal and IT services to provide a 360° protection framework.
< Back

< Back
[+] Read More

Compliance with data law regulations

With our experience and expertise in data protection and ICT law, we are the partner of choice both for setting up your data protection organisation and for specific data protection and ICT law concerns. Thanks to our coordinated support, complex regulations become conceivably simple.

Do you want to know how to prepare for the implementation of the revised FADP? Find all the relevant information here in our data protection blog series

 

Maturity Assessment

Supervisory Board and Management Board nowadays want to know, whether their data protection management system is robust enough and whether the staffing is appropriate. The aim is to understand the risk exposure and maturity towards the market.

What we can support you with:
  • Identify and assess in-scope processes
  • Calculate the necessary FTEs
  • Recommendations on how to close any gaps identified
  • Risk rate the findings so that you can easily understand what tasks have the highest priority and which pose the highest level of risk

Compliance

Data protection laws require the ability to identify, control and react to data protection risks, including clearly defined data protection roles and responsibilities. We will develop a data protection management system that enables you to govern your organisation.

What we can support you with:
  • Definition of the relevant roles and TCRs (task – competence - responsibility) within the client in order to meet the new data protection requirements, e.g.: Data Protection Officer and Data Owners
  • Drafting and Review of a data protection governance framework, including policies and procedures
  • GAP analysis: We uncover your data protection gaps and help you close them

Cloud Journey

With a planned cloud migration, data protection considerations arise, especially in connection with cross-border data transfers. In regulated industries, regulatory requirements (e.g. FINMA) and industry standards are also relevant. In addition, professional secrecy considerations arise.

What we can support you with:
  • Cloud risk assessment: Especially for companies transferring personal data from Switzerland to other countries (for example, the US)
  • Provision of a targeted Cloud Assessment Checklists for your self-assessment (with our without further PwC support)
  • Vendor Assessment
  • Data protection / privacy concept: Support in the design of the configuration to achieve compliance with data protection laws
  • Contract design and review
  • Provision of Cloud Computing Contract Checklist
  • Drafting and review of and policies and procedures (e.g. IT Acceptable Use, IT Cloud Computing Policy)

Data Protection Impact Assessment (DPIA)

A significant impetus of global data protection laws is the need to conduct DPIAs to help identify and minimise data protection risks which a new process, technology, system or device might have on an individual.

What we can support you with:
  • Deliver a policy and procedure that enables you to assess privacy risks across all activities that process personal data;
  • Assist you with conducting the DPIA (DPIA-as-a-service);
  • Provide you with a tool to conduct the DPIA

Third Party Management and Vendor Assessment

Companies (“controllers”) that entrust another company with the processing of personal data (“processors”, e.g. supplier) must ensure by contract that the entrusted company takes appropriate technical and organizational measures to protect the data.

Also in case of joint controllership, there may be a legal obligation (or other sound reasons) to contractually regulate the respective obligations and rights with respect to the personal data.

What we can support you with:
  • Third party assessments
  • Drafting and review of contracts with processors or other third parties
  • Provision of templates for data processing agreements and joint controllership contracts
  • Provision of checklists to evaluate the qualification of a third party as processor
  • Implement software-based contract management solutions for data processing and joint controller agreements

Data protection as a strategy 

Data protection is not only a regulatory requirement, but can also be pursued as a strategic approach and thus contribute to the business success of a company:

  • Particularly in the context of Big Data and the high value of personal data, our experience shows that carefully pursued data protection helps a company move forward in its strategy.
  • By implementing a robust data protection organization and governance, your company achieves a "gold standard" in handling personal data and builds trust with customers.

We would be happy to support you in using data protection as a strategic tool for business success in your company.

Cyberlaw

Cyberlaw is the body of rules in relation of information technology and information and communications technology (ICT) security.

The legal services offered by Cyberlaw provide a 360° protection framework for companies, institutions and individuals.

All companies across industries are susceptible to a cyber security incident that can arise from insider, e.g. employees or contractors or outsiders, e.g. competitors or governments.

Attacks on information and communications technology (ICT) systems have significantly increased since the beginning of the pandemic. Swiss companies have also recently been more and more affected across all sectors. In this context, regulatory and legal aspects of dealing with ICT risks are becoming increasingly important. In this context, digital workplace design is of great importance. Please find out here how we can help your company to protect your modern workplace.

All companies across industries are susceptible to a cyber security incident that can arise from:

  1. Insiders: employees, partners, contractors, due to negligence, information leakage or human error
  2. Outsiders: hackers, organized crime, competitors, governments, industrial espionage
Which companies need to incorporate Cyberlaw into their compliance models?
  • Regulated entities, such as financial sector, health & life sciences, insurance
  • Critical infrastructure operators and essential service operators
  • Companies subject to secrecy obligations or holding intangible assets and/or trade secrets
  • Companies in charge for data processing for third parties, e.g. IT service operators or platforms

 

What we can support you with

Your benefits

Industry-leading services covering the whole spectrum of data protection

 

Professional advice from internal and external experts and lawyers

 

Guaranteed compliance with EU GDPR and/or Swiss FADP

 

Data protection is not only about being compliant with the law. It is also about building trust as a company vis-a-vis your stakeholders, clients and employees.

Philipp RosenauerPartner, Legal, PwC Switzerland

{{filterContent.facetedTitle}}

{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}
{{contentList.loadingText}}
{{contentList.loadingText}}
{{contentList.loadMoreLabel}} {{contentList.viewAllLabel}}

Contact us

Philipp Rosenauer

Philipp Rosenauer

Partner Legal, PwC Switzerland

Tel: +41 58 792 18 56

Email
Claudia Liliane Jung

Claudia Liliane Jung

Senior Manager | Data Privacy | ICT | Implementationᐩ, PwC Switzerland

Tel: +41 58 792 47 59

Email
Adrien Tharin

Adrien Tharin

Director | Head of FinTech, Blockchain and Digital Assets, PwC Switzerland

Tel: +41 58 792 92 24

Email
Anouk Geene

Anouk Geene

Associate | Data Privacy | ICT | Implementationᐩ , PwC Switzerland

Tel: +41 58 792 44 00

Email
Caitlin Hemminga

Caitlin Hemminga

Trainee | Data Privacy | ICT | Implementationᐩ, PwC Switzerland

Tel: +41 58 792 49 64

Email
Simone Kuster

Simone Kuster

Associate | Data Privacy | ICT | Implementationᐩ, PwC Switzerland

Tel: +41 58 792 13 22

Email
Services Assurance Consulting Corporate Support Services Deals Global Markets Legal People and Organisation Private Wealth SME and Family Business Tax Advice
Industry Sectors Energy Financial Services Government and Public Sector Health care Industrial Manufacturing Real Estate Retail and Consumer Goods Pharmaceuticals and Life Sciences Sports Business Advisory Technology, Media and Telecommunications
Today's issues COVID-19 Workforce of the Future Finance Transformation Customer Transformation Cybersecurity Data & Analytics ESG: Criteria and Implementation
About PwC Contact Press Locations Organisation and Management Purpose, Values and Code of Conduct Reports Corporate Responsibility Our History Alumni
Careers Open Positions Career Events Experienced Hires Graduates Students Apprentices PwC as an Employer PwC's Career Blog
Research & Insights Our latest insights Subscribe to PwC updates Update your subscription preferences

© 2018 - 2023 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.