How we support you
Depending on your starting point, we support organisations in four clearly defined roles: from initial design to independent assurance and future-oriented development.
We help organisations translate data protection requirements into workable governance, roles, processes and controls. This includes privacy management structures, risk-based assessments, operational integration across the data lifecycle, and documentation that supports accountability, regulatory expectations and sustainable compliance in day-to-day practice.
01 Design
Establishing clear data protection governance and accountability
Data protection governance framework and policy design
Definition of roles and responsibilities (e.g. controller, processor, DPO)
DPIA methodology and risk classification
Design of data inventories and processing records
Integration into existing management systems and governance structures
Design of documentation and evidence structures
02 Operate
Embedding data protection into daily practice
Execution of Data Protection Impact Assessments (DPIAs) and risk assessments
Operational processes for data protection lifecycle management
Handling of data subject requests
Incident and breach handling processes
Supplier onboarding and data processing agreements and controls
Enablement of key roles (management, legal, IT, business)
03 Assure
Providing confidence and audit readiness
Independent reviews of data protection governance
Compliance and implementation effectiveness checks
Review of Data Protection Impact Assessments (DPIAs) and other documentation
Supplier and third-party data protection reviews
Preparation for internal and external audits or regulatory reviews
04 Evolve
Keeping data protection effective as requirements and practices change
Monitoring regulatory developments and guidance
Maturity assessments and improvement roadmaps
Integration of new use cases and technologies
Scenario analysis for cross-border data processing
Executive sparring on strategic data protection decisions
Typical situations and challenges
Organisations typically contact us when one or more of the following situations arise.
Unclear data protection responsibilities and decision rights
Uncertainty about compliance with applicable regulations (e.g. GDPR, Swiss FADP and related regulations)
Data protection requirements are addressed reactively or inconsistently
Difficulties handling data subject requests and incidents
Increasing use of cloud services, vendors or international data transfers
Audit findings, customer questions or regulatory scrutiny
New digital initiatives raise privacy or compliance concerns
Typical starting points for engagement
Engagements often start with a focused assessment or review, such as the following.
Data Protection Impact Assessment (DPIA)
Data protection governance & framework setup
Data protection compliance assessment (e.g. GDPR, Swiss FADP)
Setup or review of data processing agreements with suppliers
Privacy policy & documentation review
Why Halderstone
Our approach
We focus on data protection that works in practice, not formalistic compliance
Strong experience with governance, management systems and audits
Clear separation between design, operation and assurance
Independent, technology-agnostic perspective
Suitable for both smaller organisations and regulated environments
What we deliberately do not do
Act as an external legal counsel or replace internal legal advice
Offer generic, template-driven compliance solutions









