Compliance with the Swiss Data Privacy Act & General Data Protection Regulation
COURSE DURATION
2 Days
CLASS DESCRIPTION
Learn how to comply with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (FADP) in this two-day course with data protection expert Hakan Hasserbetci.
From September 1, 2023, all Swiss companies must implement the new Data Protection Act (nFADP). For companies that are not already compliant with the 2018 European General Data Protection Regulation (GDPR), compliance with the new Swiss law could be a lengthy and complex process requiring input from legal and technical experts in data protection and privacy.
Therefore, with less than a year to implement these new requirements, companies must act now.
To prepare for compliance with the nFADP, the data processed during the compliance period must be identified and analysed based on the risks involved. The more data a company processes and/or the more sensitive it is (e.g. related to religion, health, lawsuits, etc.), the more requirements there will be.
This course gives attendees an overarching knowledge of the GDPR and nFADP regulations and takes them through a definitive checklist to ensure compliance.
This is an interactive course which combines discussions, case studies, quizzes, and a final exam.
All course attendees will receive a Data Privacy handbook based on GDPR and FADP.
LEARNING OUTCOMES
- Gain a good understanding of the GDPR and FADP regulations and how they compare.
- Be able to check and modify data protection statements (website, contracts, advertising content, etc.).
- Establish a data processing register (except for companies with fewer than 250 employees and if there is no significant privacy risk).
- Establish procedures for responding promptly to data subjects’ requests (e.g., for information or deletion of data).
- Implement a data breach reporting procedure.
- Establish a process for impact assessments that are required when data processing is high risk (e.g., in the case of systematic monitoring of the broader public domain).
- Analyse contracts with subcontractors to check whether data security is provided for, and add clauses in this regard.
- Review the countries where data is transmitted, including for simple cloud backup (these countries must be on a Federal Council list; if not, more stringent requirements apply).
- Have an overview of the tools and techniques employed by cyber security specialists when adopting technical measures for the security of personal data.
- For all stages of the personal data life cycle, be able to outline the key elements associated with “designing for privacy”, develop security risk assessment techniques, and apply them to the compliance project under data protection by design and by default.
WHO SHOULD ATTEND?
- Lawyers wishing to improve their GDPR knowledge to enhance their integration within a cyber security team.
- IT platform engineers wishing to refresh their ‘privacy in developing a platform’ knowledge and enhance their know-how within a GDPR personal data compliance team.
- Project and program managers wishing to understand how poor security in the processing of personal data can lead to unexpected personal data breaches and compliance project risks.
- Business leaders wishing to understand their legal responsibilities and how to become compliant through a GDPR project team working under the DPO's direction.
- University students studying Law, Engineering, Design, etc.