Privacy & Data Protection

Keeping your company's security systems in line with privacy and data regulations.

AdNovum helps security and privacy teams that handle personally identifiable information of their clients to align their security activities and systems with international regulations and requirements.

The new General Data Protection Regulation (GDPR) requires organizations to handle the personal data of EU citizens responsibly. Before a company may use personal data, it must ask the user for consent, inform them clearly about the purpose and use of the collected data, give them access to their personal data, and give them the right to request the deletion of their personal data. The regulation applies to all companies based in the EU, and to organizations based outside the European Union if they collect or process personal data of EU residents. The challenge, especially for international companies, is complex: not only must the legal issues be clarified, but the operational implementation must also be initiated and anchored in the company's processes.

In Switzerland, the right to privacy is guaranteed in article 13 of the Swiss Federal Constitution. The Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) entered into force on July 1, 1993. The latest amendments of the DPA and the DPO entered into force on January 1, 2008.

The DPA applies to the processing of personal data by private persons and federal government agencies. Unlike the data protection legislation of many other countries, the DPA protects both personal data pertaining to natural persons and legal entities. Most Swiss cantons have enacted their own data protection laws regulating the processing of personal data by cantonal and municipal bodies.

The Swiss Government is currently working on a revision of the Swiss Federal Data Protection Act.

AdNovum supports you with the implementation of GDPR requirements

  • Privacy and Data Protection: Keeping your company's security systems in line with GDPR (PDF, 154 KB)

Analysis

We assist you in identifying and analyzing assets (data, data flows, systems and processes) and create an overview of your data landscape. We then develop a plan and big-picture scope with measures and activities for your individual situation and organizational setup.

Conduct a Cyber Security Assessment and put your IT landscape under the microscope. Gain absolute clarity on where your risks lie and enable a secure, and hence successful, digital transformation.

Implementation

We assist you with the implementation of the defined measures and activities and advise you on the implementation of tools and processes to ensure compliance with data protection regulations (GDPR), including:

  • Minimizing data and establishing technical measures
  • Defining the access rights and legal measures required
  • Designing and implementing new processes

Monitoring

We assist you in developing and establishing a monitoring process to ensure that the defined measures work as intended, including testing and certification.

Privacy Officer as a Service (POaaS)

AdNovum can provide a Privacy Officer as a Service for your company. AdNovum then becomes your first point of contact for questions related to the processing of personal data.

The Privacy Officer as a Service performs, among others, the following tasks for you:

  • Checking and evaluating data processing
  • Documenting the processing of data in processes
  • Assessing the technical and organizational measures related to data security
  • Checking commissioned data processing by third parties, including contractual safeguards
  • Consulting on the processing of personal data
  • Preparing employees through training and awareness campaigns
  • Communicating with supervisory authorities and affected parties

Requirements to protect personal information are not a new concept, but they have been expanding with the explosion of cloud computing and storage capabilities. The cloud, security and compliance are major areas of focus within the GDPR.

It does not even matter where a company is located. If the company hosts private information of an EU citizen, it is liable to protect that data. This affects the way companies store and use data about customers, employees, suppliers or other individuals, and it is forcing many non-EU companies to rethink their strategy in Europe.

Any company that holds personal data of an individual who is a resident of the EU has to comply with GDPR regulations. If the company is not in compliance when a GDPR audit is conducted, it can face large penalties: fines of up to €20 million or up to four percent of the company's total worldwide annual revenue for the preceding financial year, whichever is greater.

AdNovum can assist in planning your organization's incident response plans. Most organizations already have some form of response plan, but the new GDPR has requirements that may not have been considered. How well an organization reacts directly affects the risk of fines following a data breach.

GDPR is a complex and detailed regulation. It impacts most customer-facing organizations, which will have to review and modify all customer touchpoints, from web to mobile, to comply with these new requirements. Organizations need powerful tools that can accelerate GDPR compliance initiatives, translating terse legal requirements into simpler step-by-step instructions and helping them create appropriate documentation for upcoming GDPR compliance assessments.

Contact our cyber security experts to learn more about a CIAM tool that is designed for GDPR compliance and tailored to your organization's needs.

GDPR - Right to Information

In this webinar we review the key points of the new EU General Data Protection Regulation (GDPR). In addition, we show how you can fulfill the "right to information of the concerned person" requirement set forth by the GDPR with a simple and convenient tool. (Webinar in German.)

Aldo Rodenhäuser, IT Consultant

Aldo Rodenhäuser, Head of Security Consulting