Helping our clients to control and protect their personal data and unlock their value in a compliant way
In today’s world, there is no way around protecting personal data through a robust data protection organization and governance. In fact, significant consequences arose for companies (also for Swiss companies) after the General Data Protection Regulation ("GDPR") came into force in the European Union a few years ago. Many countries globally have followed this trend. In Switzerland, the revised Swiss Data Protection Act ("DPA") is expected to apply in Switzerland from September 2023. Compared to the current data protection laws, the revised DPA will entail significant tightening of the law. In many respects, the revised DPA aims to align with the regulation in the EU but some aspects differ from the GDPR ("Swiss Finish"). In the event of any violations of the DPA, the responsible persons within a company may face criminal sanctions. Swiss companies should therefore analyse the need for implementation carefully regardless of their existing DPA compliance and take the necessary measures soon enough.
Data protection is not only a regulatory requirement, but can also be pursued as a strategic approach and thus contribute to the business success of a company:
We would be happy to support you in using data protection as a strategic tool for business success in your company.
In today's increasingly digitalized environment, companies are also increasingly confronted with technology law issues (e.g. digital transformation, e-commerce, artificial intelligence, licence management, etc.). We have in-depth experience with ICT legal topics and also support our clients in the implementation of industry-specific ICT legal requirements (e.g. in the financial and life sciences sectors).
The legal services offered by Cyberlaw provide a 360° protection framework for companies, institutions and individuals.
All companies across industries are susceptible to a cyber security incident that can arise from insider, e.g. employees or contractors or outsiders, e.g. competitors or governments.
With our experience and expertise in data protection and ICT law, we are the partner of choice both for setting up your data protection organisation and for specific data protection and ICT law concerns. Thanks to our coordinated support, complex regulations become conceivably simple.
Data protection laws require the ability to identify, control and react to data protection risks, including clearly defined data protection roles and responsibilities. We will develop a data protection management system that enables you to govern your organisation.
Many privacy laws give data subjects a number of rights to which organisations are obliged to respond. It is essential for an organisation to be able to facilitate such requests.
Data controllers must provide users with sufficient information before processing personal data.
It is essential that your employees know how to handle personal data.
A detailed and precise documentation of your processing activities is required by law.
A significant impetus of global data protection laws is the need to conduct DPIAs to help identify and minimise data protection risks which a new process, technology, system or device might have on an individual.
The transparency principle requires controllers to inform individuals about how they collect, use, store, transfer and secure personal data through a website privacy notice at the time the data is collected.
Your marketing and communication activities require compliance to the data protection laws.
The revision of the Data Protection Act requires that your staff know the legal regulations and apply them consistently. Building awareness also means raising awareness.
The Data Protection Laws require that personal data must be deleted if it is no more required. At the same time, data may be subject to retention obligations.
For important or critical processing operations, companies want to know whether they comply with applicable data protection laws, especially whether the processing is lawful.
The FDPIC requires a risk assessment event if Standard Contractual Clauses (SCC) are submitted. Moreover, you are required to reach compliance with data protection laws
Companies must ensure that their numerous contracts with third parties processing data for them are legally compliant.
Supervisory Board and Management Board nowadays want to know, whether their data protection management system is robust enough and whether the staffing is appropriate. The aim is to understand the risk exposure and maturity towards the market.
The ability to notify and forensically investigate the breach is critical to protecting data. Data breaches may have to be reported within a specified time frame.
Many data privacy laws place restrictions on transfers of personal data outside their country of jurisdiction, e.g. when introducing cloud services like Office365, Successfactors, Workday etc. We help designing the architecture from a legal standpoint and recommend the safeguards that are required to be put in place.
Information and communication technologies (ICT) shape our everyday lives. IT solutions sometimes form the basis of an entire business model. For all parties involved, it is of great interest that the corresponding contracts are clear and comprehensive.
Data is the “new oil”. Every organisation should have adequate technical controls to safeguard their most precious asset.
https://pages.pwc.ch/core-contact-page?form_id=7014L000000kkHMQAY&embed=true&lang=en
Philipp Rosenauer
Head Data Privacy | ICT | Implementationᐩ, PwC Switzerland
Tel: +41 58 792 18 56
Data Privacy | ICT | Implementationᐩ, PwC Switzerland
Tel: +41 58 792 4728
Adrien Tharin
Co-Head of FinTech, Blockchain and Digital Assets, PwC Switzerland
Tel: +41 58 792 92 24
Anna Maria Tonikidou
Data Privacy | ICT | Implementationᐩ, PwC Switzerland
Tel: +41 58 792 46 89
