Implementation of the new Swiss Federal Act on Data Protection («NDSG»)

• Knowing and understanding the new requirements of the nFADP
• Applying / transferring the new data protection regulations to the company's internal context
• Identifying data protection risks in an organization 
• Recommending risk-mitigating measures

Day 1: Basics of the new Federal Act on Data Protection (nFADP)

• Data protection principles
• Scope
• Personal data categories
• Profiling
• Information requirements (cookies, profiling tools, etc.) 
• Consent (clickwrapping) 
• Reporting obligations (process data breaches)
• IT security principles (privacy by default and privacy by design) 
• Sanctions (fines)
• Data subject rights (process descriptions)
• Code of conduct and certification procedures
• Special issues: Cloud computing and foreign storage, commissioned data processing

Day 2: Development of data protection concept / DSMS Data protection management system

• Directory of processing activities 
  • Identity of the person in charge
  • Purpose of processing
  • Description of the categories of «data subjects» and the categories of «personal data processed»
  • Categories of «recipients»
  • Duration of the retention of personal data
  • Reply to requests for information
  • Execution of requests for deletion
  • Foreign disclosure
• Data protection impact assessment 
• Privacy policy

Mix of in-depth knowledge impulses and practical implementation examples.

Group work and plenary discussions, especially on Day 2, which focuses on learning how to set up your own data protection management system.

The course is generally aimed at people who deal with personal data in their day-to-day business and want to receive practical assistance in implementing the new provisions of the nFADP.

The course is also aimed at HR managers, IT project managers, security officers/responsibles, system developers, data protection officers, compliance officers.

There are no formal requirements for this course.