Data Protection and Security

Bonnard Lawson advises companies, public sector clients, and individuals on the full lifecycle of personal data and cybersecurity — from compliance design and contractual documentation to incident response, regulatory representation, and litigation. The firm operates under Swiss data protection law (FADP), the GDPR, and applicable sectoral regulations, in domestic and cross-border settings.

 

COMPLIANCE & GOVERNANCE

• • • FADP / GDPR compliance audits and remediation programmes
    • Data protection due diligence (M&A, vendor onboarding, fundraising)
    • Data mapping and records of processing activities
    • Risk assessments and Data Protection Impact Assessments (DPIA)
    • Data governance frameworks and internal policies

CONTRACTUAL DOCUMENTATION

• • • Privacy notices and consent mechanisms
    • Data Processing Agreements (DPA) and joint controller arrangements
    • Data sharing and international transfer agreements
    • Data protection clauses in commercial and technology contracts

DPO & OPERATIONAL SUPPORT

• • • Outsourced Data Protection Officer (DPO) services
    • Day-to-day advice on data subject requests, new projects, and existing processing activities
    • Training and awareness programmes for boards, management, and operational teams

CYBERSECURITY & INCIDENT RESPONSE

• • • Cybersecurity legal frameworks and digital trust strategies
    • Data breach management: containment, investigation, notification to authorities and data subjects
    • Coordination with forensic and IT security providers
    • Post-incident remediation and regulatory reporting

REGULATORY AUTHORITIES & LITIGATION

• • • Representation before data protection authorities
    • Domestic and international litigation in data protection and privacy matters
    • Arbitration of data-related disputes
    • Defence in administrative and criminal proceedings