Privacy & Data Protection

Keeping your company's security systems in line with privacy and data regulations.

AdNovum helps security and privacy teams handling personally identifiable information of their clients to align their security activities and systems with international regulations and requirements.

The new General Data Protection Regulation (GDPR) requires organizations to handle the personal data of EU citizens responsibly. Before they can use personal data, companies need to ask users for their consent, inform them clearly about the purpose and usage of the collected data, give them access to their personal data, and give them the right to ask for the deletion of their personal data. The regulation applies to all companies based in the EU and to organizations based outside the European Union if they collect or process personal data of EU residents. The challenge, especially for international companies, is complex. Not only do the legal issues have to be clarified, but the operational implementation also has to be initiated and anchored in the processes.


In Switzerland, the right to privacy is guaranteed in article 13 of the Swiss Federal Constitution. The Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) entered into force on July 1, 1993. The latest amendments of the DPA and the DPO entered into force on January 1, 2008.


The DPA applies to the processing of personal data by private persons and federal government agencies. Unlike the data protection legislation of many other countries, the DPA protects both personal data pertaining to natural persons and legal entities. Most Swiss cantons have enacted their own data protection laws regulating the processing of personal data by cantonal and municipal bodies.


The Swiss Government is currently working on a revision of the Swiss Federal Data Protection Act.


AdNovum supports you with the implementation of GDPR requirements

  • Privacy and Data Protection: Keeping your company's security systems in line with GDPR (PDF, 169 KB)
  • Analysis

    We assist you in identifying and analyzing assets (data, data flows, systems and processes) and create an overview of your data landscape. Afterwards, we develop a plan and a big-picture scope with measures and activities for your individual situation and organizational setup.


    Conduct a Cyber Security Assessment and put your IT landscape under the microscope. Gain absolute clarity on where your risks lie and enable a secure - hence successful - digital transformation.



    We assist you with the implementation of the defined measures and activities and advise you on the implementation of tools and processes to ensure compliance with data protection regulations (GDPR), including:

    • Minimizing data and establishing technical measures
    • Defining access rights and legal measures required
    • Designing and implementing new processes



    We assist you in developing and establishing a monitoring process to ensure that the defined measures work as intended, including testing and certification.


    Privacy Officer as a Service (POaaS)

    AdNovum can provide a Privacy Officer as a Service for your company. As a result, AdNovum will be your first point of contact for questions related to the processing of personal data.

    The Privacy Officer as a Service performs, among others, the following tasks for you:

    • Check and evaluate data processing
    • Document the processing of data in processes
    • Assess the technical and organizational measures related to data security
    • Check the ordered processing of data of third parties, including contractual protection
    • Consult on the processing of personal data
    • Prepare employees with training and awareness campaigns
    • Communicate with supervisory authorities and affected parties



    Requirements to protect personal information are not a new concept, but they have been expanding with the explosion of cloud computing and storage capabilities. The cloud, security and compliance are major areas of focus within the GDPR.


    It does not even matter where a company is located. If the company hosts private information of an EU citizen, then it is liable to protect that data. This will have an effect on the way companies store and use data regarding customers, employees, suppliers or other individuals. It is forcing many non-EU companies to rethink their strategy in Europe.


    Any company that has personal data of an individual who is a resident of the EU has to comply with GDPR regulations. If not in compliance when a GDPR audit is conducted, the company can face large penalties, including €20 million or up to four percent of the company’s total worldwide annual revenue for the preceding financial year, whichever is greater.


    AdNovum can assist in planning your organization's incident response plans. Most organizations already have some form of response plan, but the new GDPR has some requirements that may not have been considered. How well organizations can react will directly affect the risk of fines for a data breach.


    GDPR is a complex and detailed regulation. It impacts most customer-facing organizations, which will have to review and modify all customer touchpoints, from web to mobile, to comply with these new requirements. Organizations need powerful tools that can accelerate GDPR compliance initiatives by translating terse legal requirements into simpler step-by-step instructions and helping them create appropriate documentation for upcoming GDPR compliance assessments.


    Contact our cyber security experts to learn more about a CIAM tool that is designed for GDPR compliance and tailored to your organization's needs.



    GDPR - Technical Implementation

    In our webinar, we give you an overview of the key points of the new EU General Data Protection Regulation (EU-GDPR) and use an example to show the implications for internationally operating Swiss companies.


    In addition, we present our 10-point plan for the implementation of the GDPR. We go into more detail on two important points: the Big Picture (GAP Analysis) and the processes. (Webinar in German)

    AdNovum GDPR Application

    AdNovum and Squirro launched an application that enables companies to meet the requirements of the General Data Protection Regulation and to manage their data privacy risks. The solution was jointly developed by the cyber security experts and consultants of AdNovum and the Augmented Intelligence provider Squirro.


    The application displays customer inquiries automatically and clearly in a dashboard, allowing organized processing in Kanban style. Data related to the customer can be located without great effort in the various peripheral systems. Whether the data is structured or unstructured, Squirro’s cognitive search feature finds it in any connected data source. The search results are displayed in the GDPR dashboard and can be exported as a report for the requester.

    Squirro is a cognitive insights company, with an advanced context intelligence & insights solution. Together with their experts, we developed the AdNovum GDPR application.

    Contact us

    Contact our privacy and data specialists for an assessment of your organization or for more information regarding the AdNovum GDPR application powered by Squirro.

    Aldo Rodenhäuser, IT Consultant

    Aldo Rodenhäuser, Head of Security Consulting