Resources
Reference material on GDPR, FADP / nDSG, and data observability from our practice in Zurich. Regulatory references, implementation guides, and links to primary sources — not marketing content.
Insights Archive
Working notes on data compliance and observability from our practice. Articles are written for practitioners — data engineers, DPOs, and compliance leads — and prioritise technical specificity over general advice.
Why Bad Data Quality is a GDPR Risk
Most GDPR compliance programmes focus on consent and documentation. Fewer address the data quality problems that quietly undermine both.
FADPFADP and GDPR: What Swiss Companies Need to Know
Switzerland's revised Federal Act on Data Protection shares significant ground with the GDPR — but the differences matter for CH-domiciled organisations.
Data ObservabilityData Lineage for DPOs: Making Compliance Auditable
Data lineage was once the domain of data engineers. For DPOs navigating Art. 30 GDPR obligations, it has become a compliance necessity.
GDPRBuilding a ROPA That Actually Works
Most Records of Processing Activities sit in a spreadsheet no one updates. We outline a structure and maintenance discipline that makes your ROPA a live asset.
Guides Available on Request
Implementation guides for specific compliance tasks. These are working documents used in client engagements — not repurposed marketing material. Contact us specifying which guide you need and we will send the relevant document in PDF format, with no obligation.
GDPR Gap Assessment Template
Structured checklist covering all primary GDPR obligations — designed as a starting point for an initial compliance self-assessment.
FADP vs GDPR Comparison Matrix
Side-by-side comparison of FADP (nDSG) and GDPR key obligations — highlighting where requirements differ and where dual compliance is required.
Data Pipeline Compliance Instrumentation Guide
Technical guide to instrumenting existing data pipelines for compliance-relevant events: schema changes, PII field detection, lineage annotation.
Regulatory Reference
Primary source links for the frameworks we work with. These point to official texts and supervisory authority guidance — the authoritative sources, not interpretations of them. Qala provides advisory services; we do not provide legal advice. These references are for your compliance and legal teams to work from directly.
GDPR Full Text (EUR-Lex)
Regulation (EU) 2016/679 — the General Data Protection Regulation in full, with recitals.
eur-lex.europa.eu →FADP / nDSG Official Text
Federal Act on Data Protection — revised DSG in force since September 2023.
fedlex.admin.ch →FDPIC Guidance
Federal Data Protection and Information Commissioner — guidance documents, opinions, and enforcement decisions.
edoeb.admin.ch →EDPB Guidelines
European Data Protection Board — binding guidelines, recommendations, and opinions on GDPR application.
edpb.europa.eu →General resources have limits
A regulatory reference checklist applied to the wrong context produces false confidence. We assess your specific data landscape and compliance posture — and provide guidance that reflects your actual situation, not a general-case approximation.