Targeted and customized consulting services in the field of Privacy

A network of qualified and certified professionals to provide personalized and high-level 360-degree assistance in the field of Data Protection (GDPR), Data Protection Law (FADP), Data Protection Ordinance (OPDa), and Canton Data Protection Law (LPDP).


Consultancy | Representation | Training


Preliminary Assessment

It aims to monitor and evaluate the impact on the Swiss Data Protection Law (FADP) in the private sector, Data Protection Ordinance (OPDa), Canton Data Protection Law (LPDP), and General Data Protection Regulation (GDPR) 2016/679.

After assessing the data processing operations carried out by the client company, a short checklist will be provided, so that the Data controller can have a complete picture of the impact of the rules on the processed data.

Legislative audit on safety procedures

A security audit can be defined as a systematic assessment of the safety of the company information system aimed at verifying its compliance by taking into account a series of criteria laid down in the legislation.

Privacy Desk Suisse conducts audits on compliance with FADP | GDPR regulations regarding security measures (Art. 32 GDPR and Art. 8 FADP), following data protection legislation, Data Protection Ordinance, and best practices recommended by Supervisory Authorities.

Data Protection and Privacy consulting services (FADP| GDPR)

This service aims to draft a Privacy Organisational Model of processing through a series of documents enabling the Data controller and/or the Data Processor to provide its accountability with regard to FADP, GDPR and LPDP.

More specifically, they consist of:
  • Drawing up and updating information notes for data subjects;
  • Conducting CRM and DB Data analysis according to the principles of “Privacy by design” and “Privacy by default”;
  • Mapping safety measures;
  • Defining Privacy roles and responsibilities both internally and externally;
  • Establishing relationship with Data Processor and monitoring the relevant Data Protection activities;
  • Creating and updating GDPR Records of Processing Activities;
  • Providing assistance in signing Data Transfer Agreements (DTA) by means of Standard Contractual Clauses;
  • Carrying out verification/controls of the website and of information notes for the users, as well as providing advice on cookie policies;
  • Drawing up Data Privacy Impact Assessment (DPIA) | Impact assessment;
  • Providing assistance in managing data subjects’ requests and Data Protection Authorities’ requests;
  • Submitting prior checks to the Swiss Federal Commissioner and to the European Data Protection Authorities.

Personal Data breach management

Article 24 of the Swiss Data Protection Act (FADP) for the private sector, and cantonal regulations for the public sector, require the Data Controller to effectively manage cases of personal data breaches (e.g., phishing, cryptolocker, general hacking, errors in sending confidential communications) and document the analysis of them. In the most serious cases, the Data Controller must notify the Federal Data Protection and Information Commissioner (FDPIC).

Our consultants will draft a tailored data breach policy that enables the involvement of the functions engaged in the data processing and, if established, in the DPO service. Additionally, a register will be set up to record the events- Our team will also support the Data Controller in notifying the Federal Data Protection and Information Commissioner (FDPIC) and informing the data subjects.

Continuous coaching in the field of Privacy and Law

Continuous and prompt assistance and coaching to the Data Protection Representative or to the Data Protection Officer in your organization through telephone calls, e-mails and virtual or face-to-face meetings on any request received by the company, regarding access to data of data subject and, in general, on Privacy or Data Protection issues.

Privacy Management Software and document repository

We use IT tools in web-app mode enabling us to provide services that are always kept up-to-date with the changes and developments in the General Data Protection Regulation (GDPR) and Swiss Federal Act on Data Protection (FADP). We provide you with modules focusing on GDPR Records of Processing Activities, Risk analysis, Data Privacy Impact Assessment (DPIA), Roles and Responsibilities, Personal Data Breach Management and response to data subjects.
It is possible for our customers to store their corporate records relating to Data Protection and Privacy in a dedicated encrypted cloud archive.

DPO service | Data Protection Consultant

The Data Protection Officer | DPO, or the “Data Protection Advisor” | DPA, as the Swiss Federal Act on Data Protection (FADP) refers to this role, is a professional who must have legal, IT, risk management and process analysis skills and competencies.

The primary goal and responsibility of a DPO (or of a DPA in Switzerland) is to observe, assess and organize the personal data processing activities (and, as a consequence, the data protection) within a company, so that the data can be processed in compliance with national and EU legislation.

Furthermore, the Data Protection Officer represents the point of contact of the company with the Supervisory Authority and the data subject.

Privacy Desk Suisse offers a service contract and a team of professionals with proven experience that will carry out all those tasks on behalf of the customer in order to comply with FADP and GDPR.

We also provide our customers with a consulting service for their internal DPO.

Appointment of the Data Protection Representative in Switzerland and in the European countries

The Swiss Data Protection Law (FADP), Article 14, requires foreign companies based abroad that process personal data on persons in Switzerland by rendering goods or services to them if they engage in certain data processing activities and do not have operational offices in Switzerland, but provide goods or services to Swiss citizens, to appoint a representative based in the Confederation.

The same obligation to appoint a representative in one EU country applies to Swiss companies in the private sector that process personal data relating to data subjects in the European Union and whose data processing activities are linked to the sales of goods or provision of services to these data subjects in Europe (Art. 27 GDPR).  

Privacy Desk Suisse offers a service contract to take the role of Representative in the European Union for Swiss companies operating in the EU as well as of Representative in Switzerland for foreign companies operating in the Swiss Confederation.

Tailor-made newsletters to monitor new laws or changes to regulations on Privacy

We regularly send information about legislative updates and any new measures taken by the Federal Data Protection and Transparency Commissioner (FDPIC), the Cantonal Data Protection Commissioner (ICPD), the European Privacy Guarantors and the European Data Protection Board.

Custom-made and on-line training courses

Vocational training plays a fundamental role when it comes to complying with Data Protection and Privacy regulations, both in the private and public sector.

Today it is of utmost importance to create a true Privacy culture within your organization. Vocational training is also an important element of accountability: it must therefore be understood that, in the event of an inspection, the training undergone by those authorized to process data may also be verified. 

Privacy Desk Suisse, which has always been at the forefront of supporting its clients, has structured training courses in live webinar mode that will allow you to attend high-level lessons as if you were in a classroom. 

For our clients, we also organize in-person sessions, enabling the widest interaction between the instructor and the learner.