Privacy in Practice

The implementation of data protection principles and obligations requires a strategic, structured, systematic and risk-based approach taking into account the privacy laws applicable to the organization as well as the fast-evolving technological development. Such an approach requires that companies understand the general data protection principles, concepts and obligations as well as their own data protection-relevant risks at enterprise, program and processing level.

Privacy in Practice aims to provide organizations with the necessary knowledge and tools to effectively and sustainably implement data protection and security requirements in practice and to embed data protection into business processes and projects while at the same time ensuring the protection of data subjects' privacy rights.

Privacy in Practice is a training that consists of a series of workshops by practitioners for practitioners through knowledge transfer, practical examples as well as interactive group work and discussions.


In this workshop, participants will refresh their understanding of the general data protection principles, concepts and obligations and learn how data protection requirements can be implemented in practice in a legally secure and sustainable manner through an efficient data protection management program and governance structure.

Your takeaways

  • You understand the essential principles of data protection and the concepts of accountability, privacy by design and the risk-based approach as well as their operational implementation in an organization;
  • You know the elements of an effective and sustainable data protection management system, a data protection framework and a governance structure and how such a system can be built and implemented strategically and operationally within an organization;
  • You understand the roles and responsibilities of an efficient and legally compliant data protection organization and what is required for the successful integration into the new role;
  • You know how to put the principles of lawfulness, fairness and transparency into practice.


  • Daniela Fábián Masoch
    Attorney at Law and Privacy Expert
  • Maria Chiara Atzori
    Head Group Data Privacy Policies
  • Roslyn Vadala
    Senior Legal Counsel – Data Protection and Digital

Registration deadline


In this workshop, participants will learn what the risk-based approach means and how to apply such approach in practice, understand how to effectively carry out a risk assessment at enterprise, program and processing level, know when and how to carry out a DPIA, and learn about different monitoring and verification mechanisms and what auditors are looking for in a privacy audit.

Your takeaways

  • You understand how to apply the concept of the risk-based approach in practice; 
  • You understand why, when and how to conduct a risk analysis at the enterprise, program and processing levels;
  • You know when and how to perform a DPIA;
  • You can identify and categorize risks associated with the processing of employee and customer data in a variety of situations;
  • You are familiar with various types of monitoring and auditing and their governance;
  • You know what internal and external auditors are looking for and how to prepare effectively for a privacy audit.


  • Daniela Fábián Masoch
    Attorney at Law and Privacy Expert
  • Eva Gardyan-Eisenlohr
    Head of Data Privacy
    Bayer AG
  • Juha Viikki
    Personal Data Protection Manager
  • Thomas Fuchs
    Senior Manager Internal Audit

Registration deadline


In this workshop, participants will learn why prevention is important and what this means in practice, from the implementation of security measures to the introduction of procedures and processes for dealing with data breaches, responding to data subjects' privacy rights and outsourcing the processing of personal data. Through interactive sessions, participants will understand the different roles in the processing of personal data, from the controller to the processor and joint controllers and their practical implications when working with third parties.

Your takeaways

  • You understand why it is important to invest in prevention and what this means in practice;
  • You know how to apply the risk-based approach for implementing appropriate data security measures in accordance with the GDPR and FADP requirements and learn how international security and data protection standards such as ISO/IEC 27001/27002, BSI 10012 to SOC 1,2 and 3 can be used as effective security controls;
  • You know how to deal with a data breach, from detection to notification and resolution, and how to handle the data subjects’ privacy rights, from the right of access to the right to be forgotten, the restriction of processing and data portability;
  • You are familiar with the concept of controllers, processors and joint controllers and their practical implications and know how to manage the relationships between the parties, from the evaluation of the third party to the contractual structure and review.


  • Daniela Fábián Masoch
    Attorney at Law and Privacy Expert
  • Stefan Keller
    Global Information Security & Privacy Governance
  • Tiina Suomela
    Group Data Protection Officer

Registration deadline


Daniela Fábián Masoch, Attorney at Law and Privacy Expert, FABIAN PRIVACY LEGAL GmbH
Eva Gardyan-Eisenlohr, Head of Data Privacy, Bayer AG
Juha Viikki, Personal Data Protection Manager, INTUITIVE
Maria Chiara Atzori, Head Group Data Privacy Policies, Novartis
Roslyn Vadala, Senior Legal Counsel – Data Protection and Digital, Nestlé
Stefan Keller, Global Information Security & Privacy Governance, Roche
Thomas Fuchs, Senior Manager Internal Audit, Novartis
Tiina Suomela, Group Data Protection Officer, Ascensia

Hotel Bildungszentrum 21, Missionsstrasse 21, Basel


9:00 am – 5:00 pm

Presentations, checklists and guidance will be provided to the participants during the workshops.

Participation fee: 

Participation fee (including materials and refreshments)

  • All workshops                      CHF 2’400.-
  • Single workshop                  CHF    890.-

Earlybird until 01 July with a 10% discount. Each additional person from the same organization who books the same workshop(s) will receive a discount of 10%.


Data protection officers, responsible managers from HR, IT, Marketing, Purchasing, Audit, and other functions, corporate lawyers and project managers, and anyone who is interested in data protection management. 


Interested parties can register online at a reduced price for all workshops as a package or for individual workshops. To register, please click on the button below.

The number of participants is limited. Registration is binding and no refund will be made for cancellations. The terms and conditions of participation apply.