GDPR / General Data Protection Regulation

it recht data protection lawyer contact gdpr

We provide specialist compliance advice with regard to the new data protection regulations, in particular the EU General Data Protection Regulation (GDPR) which requires companies to ensure data protection compliance until May 2018.

Our GDPR-Compliance Services:

  • Legal advice
  • Generation of policy documents
  • Data Protection Officer (DPO) as a service
  • Audits
  • Trainings

Legal Advice

Scope

  • Legal advice regarding data protection, privacy and/or records management
  • Consultancy to ensure compliance with data protection legislation and regulatory
  • developments (GDPR-compliance)
  • Response to specific legal questions regarding the processing of personal data
  • Carrying out of Privacy and Data Protection Impact Assessments
  • Advice on customer communications regarding data protection matters
  • Advice and support in case of data leakage or violations of data protection legislation
  • Advice on communications with Data Protection Authorities
  • Legal advice regarding integrated data processing concepts

Customer Value

  • Improves compliance to data protection legislation and regulatory developments
  • Resolves legal issues
  • Helps to avoid fines and negative press

Creation of policy documents

Scope

  • Creation of internal and external documents (for GDPR-compliance)
  • Creation of policies and guidelines (e.g. privacy policies, document classification policies)
  • Creation of privacy notices, declarations of informed consent, agreements regarding personal data
  • Creation of (standard) letters for customer communications
  • Communications with authorities
  • Data transfer agreements
  • Outsourcing agreements
  • Cross-border data flow agreements
  • Data Protection Reports
  • Privacy and Data Protection Impact Assessment Documents
  • Records of Processing Activities according to GDPR
  • List of Data Files according to Swiss data protection legislation
  • Data privacy manuals

Customer Value

  • Permanent access to privacy and data protection advice, in particular regarding GDPR- compliance
  • Outsourcing of management responsibilities into the hands of independent experts (the independence of the data protection officer inspires public
  • confidence and avoids internal conflicts of interest)
  • Demonstrates actions taken to comply with applicable regulations (GDPR)
  • Constant benefit from latest data protection legislation and regulation knowledge and expertise
  • Raised privacy awareness
  • Promotes the customers privacy culture (transparent and efficient handling of personal data
  • can help to gain a competitive advantage, particularly in terms of public perception)
  • Centralising data protection can reduce bureaucracy and save valuable time
  • Contact persons for customers, employees and Data Protection Authorities
  • An external data protection officer lets you focus on your core business
  • Helps to avoid legal fines and negative news

Audits

Scope

  • Actual status analyses and privacy assessments of new business initiatives
  • Due diligence and compliance-checks regarding data protection (GDPR-compliance), privacy
    and/or records management
  • Assessments of data protection practices as well as the processes for managing both
  • electronic and manual records containing personal data
  • Check of governance, structures, policies and procedures
  • Recommendations of improvement measures

Customer Value

  • Knowledge where company stands with regard to data protection (GDPR-compliance), privacy and/or records management
  • Knowledge of risks and weaknesses as well as specific improvement measures
  • Statement for internal and/or external use
  • Demonstrates actions taken to comply with applicable regulations (GDPR)
  • Helps to avoid fines and negative press

Trainings

Scope

  • Designed to meet guidelines and recommendations given by Data Protection Authorities
  • Include current data protection legislation and regulatory developments (GDPR-compliance)
    as well as legal requirements regarding information management
  • For all knowledge and skill levels (can range from an initial survey of data protection principles
    to complex key issues like employee data protection, global CRM systems, data transmission within the company, cross-border data flows, outsourcing, data sub processing, preparing certification measures, archiving obligations, etc.)
  • Educate key personnel and/or create general privacy awareness
  • General and tailored trainings
  • Trainings for specific needs
  • One-off or recurring trainings

Customer Value

  • Trained key personnel with regard to data protection regulations (GDPR) and/or other legal aspects of information management
  • Raised privacy awareness and reduced risks related to incautious handling of data
  • Helps to avoid legal fines and negative press
  • Immediate applicability due to tailored trainings

Technical Solution

Our partner Arcplace AG may provide you with a technical solution (www.arcplace.ch).