Skip to content Skip to footer



Loading Results

Data Protection & ICT Services

Making sure your data protection is aligned with business success

There is no way around protecting personal and sensitive data properly. Among other things it's essential to comply with the growing requirements of data protection laws such as the EU’s GDPR, already in force with major implications for companies, and the revised Federal Act on Data Protection (FADP) due to take effect in Switzerland in late 2022. While the aim of the new FADP is to align Swiss legislation with the EU, it’s not a carbon copy, so you need to be careful.

As a company you’ll have to adapt your processes, guidelines and organisational structure. At the same time you’ll need to navigate the regulatory jungle to avoid sanctions. If you fail to comply, you’ll face significant financial and reputational damage.

It helps to have data protection experts at your side. With our experience and expertise in data protection, we at PwC are the preferred partner for compliance. We offer industry-leading services to help you comply with either the GDPR or the Swiss FADP and its successor, the revised FADP. With our ongoing, coordinated support, complex regulation becomes simple. Choose us if you want to align your data protection with business success.

Our services

Data protection laws require the ability to identify, control and react to data protection risks, including clearly defined data protection roles and responsibilities. We’ll develop a data protection management system that enables you to govern your organisation.

What we can help you do:
  • Develop a data protection governance model and data protection strategy
  • Draft a data protection framework, including policies and procedures
  • Get ready  for certifications such as PS 980 or ISO 27701 

These days your board expects to know whether your data protection management system is robust enough and whether the staffing is appropriate. The aim is to understand the risk exposure and maturity vis-à-vis the market.

 What we can help you do:
  • Identify and assess in-scope processes
  • Calculate the necessary FTEs
  • Make recommendations on how to close any gaps identified
  • Risk rate the findings so that you can easily understand what tasks have the highest priority and which pose the highest level of risk

A significant component of global data protection laws is the need to conduct DPIAs to help identify and minimise data protection risks which a new process, technology, system or device might have on an individual.

What we can help you do:
  • Deliver a policy and procedure that enables you to assess privacy risks across all activities that process personal data;
  • Assist you with conducting the DPIA (DPIA-as-a-service);
  • Provide you with a tool to conduct the DPIA.

The transparency principle requires controllers to inform individuals about how they collect, use, store, transfer and secure personal data through a website privacy notice at the time the data is collected. 

What we can help you do:
  • Review and modify website privacy notices for the applicable data privacy laws
  • Review and modify consent forms to inform data subjects and obtain consent

When it comes to important or critical processing operations, smart companies want to know whether they comply with applicable data protection laws, and especially whether the processing is lawful.

What we can help you do:
  • Memoranda or legal opinions

Under the data protection laws, personal data must be deleted if it’s no longer required. But data may also be subject to retention obligations.

What we can help you do:
  • Design a deletion approach
  • Identify retention periods
  • Draft a general deletion concept
  • Assist in questions of implementation

Companies must make sure that their numerous contracts with third parties processing data for them are legally compliant.

What we can help you do:
  • Prepare standard data processing and joint controller agreement templates
  • Implement software-based contract management solutions for data processing and joint controller agreements
  • Conduct audits of data processors

Many data privacy laws place restrictions on transfers of personal data outside their country of jurisdiction, for example when you’re introducing cloud services like Office365, Successfactors or Workday. We help you design the architecture from a legal standpoint and recommend the safeguards you have to put in place.

What we can help you do:
  • Identify legal requirements across the globe, including localisation requirements
  • Identify necessary safeguards
  • Draft and implement binding corporate rules

The ability to notify and forensically investigate a breach is critical to protecting data. Data breaches may have to be reported within a specified time frame.

What we can help you do:
  • Advise on legal requirements for data breach response policy and procedure
  • Advise on notification in the event of data breaches, including how to deal with the public prosecutor

Data protection laws require that staff must be trained to ensure that they know about what’s expected from them in terms of data protection compliance. Awareness is also awareness.

What we can help you do:
  • Develop material for staff awareness and training (e.g. one-pager, handbook, content for intranet, etc.)
  • Conduct training and awareness sessions

Many privacy laws give data subjects a number of rights to which organisations are obliged to respond. It’s essential for an organisation to be able to facilitate such requests.

What we can help you do:
  • Design data subject processes
  • Advise on individual requests

Your benefits

Industry-leading services covering the whole spectrum of data protection


Professional advice from internal and external experts and lawyers


Guaranteed compliance with EU GDPR and/or Swiss FADP


Data is the “new oil”. Every organisation should have adequate technical controls to safeguard their most precious asset.

Philipp Rosenauer, Head Regulatory Implementation Services, Legal, PwC Switzerland

Do you have any questions?

Contact us

Philipp Rosenauer

Head Regulatory Implementation Services, Legal, Zurich, PwC Switzerland

+41 58 792 18 56


Adrien Tharin

Attorney-at-law, Co-Head of FinTech, Blockchain and Digital Assets, Legal, PwC Switzerland

+41 58 792 92 24


Lorena Rota

Regulatory Implementation Services, PwC Switzerland

+41 58 792 2750


Anna Maria Tonikidou

Regulatory Implementation Services, Legal, Zurich, PwC Switzerland

+41 79 388 37 65


Claudia Liliane Jung

Attorney-at-law, Regulatory Implementation Services, Legal, PwC Switzerland

+41 58 792 47 59