LPD and GDPR
Consultancy


Security Lab Advisory Sagl is able to provide a professional consulting and support service to Organisations with regard to adapting, updating and maintaining the company's privacy management and personal data protection system, in compliance with both the new LPD and European Regulation 2016/679 (GDPR).

THE NEW LPD LAW

On 25 September 2020, the Federal Assembly approved the revision of the Data Protection Act (LPD). Since the referendum deadline expired without any initiative on the matter, the Federal Administration decided that the law would enter into force in September 2023.

It is therefore necessary for organisations (whether a company, a professional, an association or a public body) to start adapting to the new LPD as soon as possible. The process entails a non-negligible commitment in terms of implementing new countermeasures, internal reorganisation, assignment of tasks and responsibilities, staff awareness and training, and integration of control activities into operational processes, and therefore involves the entire organisation.

RELATED SERVICES
01

LPD / GDPR Gap-analysis

The 'LPD / GDPR Gap-analysis' service consists of assessing the adequacy of the company's current privacy and data protection management system.

We first analyse the company's processes, services and suppliers in order to identify, analyse and 'map' the personal data processed, the processing methods, and the systems and technologies that store, process and transmit personal data. We then analyse the current organisational and technological measures and controls for the secure processing of personal data (security of the IT environment and devices; management of access to IT systems; security of networks, data exchanges and communications; security in the use and handling of IT tools and data storage media; etc.).

Finally, the adequacy of the current corporate system of privacy management and personal data protection is assessed against best practices and reference standards (ISO, NIST, etc.) and against the requirements of the regulations (LPD and GDPR), and suggestions are given to close the existing 'gaps'.

02

LPD / GDPR Risk Assessment

This service assesses the level of damage that could be suffered by the persons to whom the personal data belong if an event impacts data security, i.e. causes a loss of confidentiality, integrity or availability of the personal data processed by the Organisation.

This is followed by an analysis of the probability that such personal data compromise events occur, and then by an assessment of the personal data security risk levels that the Organisation must manage. For excessively high risks, suggestions are given to counteract and reduce them.

03

LPD / GDPR Remediation

This service consists of identifying the plan of remediation interventions necessary to achieve full regulatory compliance with the LPD / GDPR and an adequate level of security for the personal data processed, and then supporting the Organisation in implementing the interventions of the 'Remediation Plan'.

The interventions include, but are not limited to, the preparation of: disclosures, privacy policy, cookie policy, consent statements, contracts of entrustment to the data controller, appointments of authorised persons, Non-Disclosure Agreements, Binding Corporate Rules, Privacy Manual, and policies and operating procedures for regulatory compliance and data security.

04

Privacy Consultant

The "Privacy Consultant" service gives the Organisation's Management a trusted Consultant from SECURITY LAB ADVISORY, whom they can ask, when necessary and according to the Client's specific needs, for expert support on privacy management, personal data protection and LPD / GDPR compliance.

05

DPO

In order to perform the function of "Data Protection Officer" envisaged by the European Regulation 2016/679 ("GDPR") and, similarly, of "Data Protection Advisor" envisaged by the new LPD, SECURITY LAB ADVISORY SAGL provides a team of experts coordinated by an employee/consultant. The tasks assigned to the DPO include:

  • Supervise the compliance of the Organisation's Management with the general data protection regulations and policies.
  • Plan and carry out specific audit activities and produce related reports for Management and, if required, for the Supervisory Authority of the country concerned (in Switzerland, the Federal Data Protection and Transparency Commissioner).
  • Act as a point of contact for the Supervisory Authority on any matter related to the processing of personal data concerning the Organisation; facilitate access by the Supervisory Authority to the documents and information required to perform the tasks assigned to it, and facilitate the exercise of its investigative, corrective, authorising and advisory powers.
  • Act as a collection point for requests from all interested parties, analysing them and defining the response, for matters relating to the processing of their personal data and the exercise of their rights.

06

LPD / GDPR Training

Thanks to its team of experts, SECURITY LAB ADVISORY is able to provide privacy and data protection training (LPD / GDPR) either in person or through online webinars or e-learning courses, depending on the organisation's needs. If you are interested, take a look at our offer.