Assess the risk
MyData-TRUST is experienced in risk assessment services. Our teams are used to work with companies in Switzerland, they support them to put in place the revised FADP and the EU GDPR.
As the revised FADP stated, “if the intended data processing may lead to a high risk for the data subject’s personality or fundamental rights, the controller must conduct beforehand a data protection impact assessment”. The existence of a high risk, particularly when new technologies are used, depends on the nature, the extent, the circumstances and the purpose of the processing (especially for the processing of sensitive personal data on a broad scale or systematic surveillance of extensive public areas).
If you are not sure that your processing is high-risk or not, we strongly advise you to start with a gap analysis to determine which process is critical and develop a mapping of all the data flows. This analysis highlights the high-risk processing activities and defines the key elements of the data processing activities. It allows to build up the first version of the Data Processing Activities Records(or so-called, “inventories” under Swiss law).
How Does It Work?
- 1 or 2 days on site with 2 DPOs from the Life Science sector
- Expert Report: 100-pages professional report detailing our findings and recommendations and include a high-level action plan
- Debriefing meeting (2 hours)
- Presentation of the dedicated action plan
A DPIA (Data Protection Impact Assessment) can also be performed, as well as an ISA (Information Security Assessment), Vendor/Provider Assessment (on site or remote), or anything related to FADP compliance.