Context
The new Swiss Data Protection Act poses challenges for medium and large companies
On September 1, 2023, the revised Swiss Data Protection Act – often referred to as "revDPA" or "nDPA" – came into effect. Numerous law firms and portals offer legal advice and relevant templates for companies, typically focusing on formal aspects such as customer communication, contract conditions, as well as generic employee roles and process suggestions. Accordingly, templates for data and application directories, as well as tasks and responsibilities, are also provided.
However, there are also the so-called technical and organizational measures (TOMs) that a company must implement and document to achieve a legally compliant level of data protection and security. The requirements for the TOMs increase with the complexity of the application landscape.
For companies with complex IT and data landscapes, especially when processing personal data in a distributed manner, measures based on manually maintained lists and processes are often insufficient to manage data protection requirements in a legally compliant and reliable manner.
Further information from the Swiss Government:
The challenges
Legally compliant data protection management requires, in addition to the contract and communication level between the customer and the company, a comprehensive view of processes, systems, and applications to reliably implement requests for information, changes, deletions, etc.
With regard to the ongoing maintenance of the *"status quo,"* larger companies with numerous applications quickly face the following questions:
1. How do I keep the documentation of my data assets up to date in a complex and rapidly evolving IT landscape?
2. How can I automate data protection processes to keep the effort low when handling requests and maintenance?
Our services
We offer a standardized and proven approach to complement a Data Protection Management System (DPMS) with Enterprise Architecture Management (EAM) practices. We assess the initial situation and design possibilities in the following aspects. In doing so, we only recommend what you actually need.
INFORMATION ARCHITECTURE
DATA INVENTORY / DATA REPOSITORY
Record of Processing Activities
Architecture Documentation
Organizational Measures
Technical Measures
Our focus is on tasks relating to enterprise architecture and data governance. We rely on our partner network for legal clarifications.
FAQ
What does our service offering include, regarding...
The information architecture provides information about the use of your business objects along the business areas. A well-documented architecture makes it easier to find personal data along the process and application landscape.
Our added value
We analyze the maturity level of your information architecture for support and provide recommendations for further design and suitable documentation - to meet data protection requirements and, if necessary, for other use cases.
The data inventory maps key business data objects and the categorization of person-identifying data. With the help of additional metadata, personal data can be found and managed in the business process.
Our added value
We analyze the possibilities of using and providing a data catalog or alternative tools for the automated retrieval and management of personal data.
The processing directory for controllers and processors is at the heart of the Data Protection Regulation. It refers directly to business processes and responsible persons who use or change data.
You can also find more information on this under the following links to the data protection laws: revDPA (Switzerland) | GDPR
Our added value
We analyze applications and processes for the processing of personal data. In doing so, we advise you on the further design of the business process documentation for use beyond data protection requirements.
The Data Protection Act provides for a number of roles and responsibilities. In addition to defining roles, tasks and responsibilities must be trained and integrated into existing processes.
Our added value
We align the tasks, competencies and responsibilities with your existing organization and develop a roadmap for building up the relevant skills and for quality assurance with delegated employees.
Data protection covers processes in day-to-day business, but also special events such as deletion and information requests. It specifies the scope of risk situations, and special events in particular can pose challenges for operations.
Our added value
We use our governance and process templates to engage your workflows and create an end-to-end concept for embedding data protection workflows in your business and IT service processes.
In times of growing cyber risks, data security is an urgent requirement for IT. Data protection provides for binding measures as part of the TOMs to protect personal data.
Our added value
We check the conformity of your data security with the requirements of data protection and new use cases. We provide recommendations for security measures and approval processes in day-to-day business and in change projects.
Your added value
Proven approach
Our process model is standardized and ensures high quality and predictability.
360° perspective
You will receive a 360° view of your options, along with recommendations for setting up your data governance from the perspective of data protection and data privacy.
Neutral point of view
We offer a provider-neutral view of your specialist and IT solutions and can therefore provide you with optimum support in the further design.
Further information
Do you have any questions about our services? Would you like to know whether and how our approach fits into your company? We would be happy to arrange a non-binding meeting to discuss your needs. We can discuss our services in more detail and talk about your questions and needs.