Whisperit AI legal workspace
Compliance

GDPR / nLPD Audit

Check documents and processes for GDPR and Swiss nLPD compliance gaps. Structured audit findings with specific remediation steps.

When to use this skill

  • Assessing a new processing activity or vendor agreement for GDPR and nLPD compliance
  • Reviewing a client's privacy policy, terms of service, or cookie notice
  • Conducting a pre-deployment compliance check on a new software tool or AI system
  • Auditing a data sharing agreement or data processing addendum
  • Preparing for a regulatory inspection or responding to a supervisory authority query

What you get

Deliverable

  • Compliance checklist against GDPR Articles and nLPD requirements
  • Data flows identified with legal basis for processing mapped to each flow
  • Gaps and non-conformities with risk rating (High / Medium / Low)
  • Recommended corrective actions with priority and estimated effort
  • Template data processing clauses or policy language for identified gaps

What this skill does

GDPR / nLPD Audit analyses privacy policies, data processing agreements, internal procedures, and technology descriptions against the requirements of the EU General Data Protection Regulation and the Swiss Federal Act on Data Protection (nLPD) as revised in September 2023. It identifies compliance gaps, rates their severity, and produces specific remediation recommendations.

The skill covers the dual Swiss/EU compliance challenge that most Swiss organisations face: many Swiss companies process EU personal data (triggering GDPR obligations) while also being subject to the revised nLPD. The skill understands both regimes and where they differ — including the stricter Swiss requirements on data security measures, the different Swiss approach to data subject rights, and the specific requirements of the nLPD around profiling and automated decision-making.

The audit output is structured as a findings report with a compliance scorecard, giving privacy officers, legal teams, and boards an actionable view of where they stand and what to prioritise.

When to use it

  • Annual privacy compliance review for a Swiss company with EU customers or operations
  • Due diligence on a target company's data protection practices before an M&A transaction
  • Post-incident review following a data breach, assessing whether the company's processes and documentation were adequate
  • Preparing for a supervisory authority investigation or responding to a data subject access request backlog

What you get

A structured audit report with: Compliance Scorecard (traffic-light rating by GDPR/nLPD workstream), Gap Analysis for each regulatory requirement, Critical Findings (issues that create material regulatory risk), Documentation Gaps (missing records, policies, or agreements), Data Transfer Issues (international transfers without adequate safeguards), Technical and Organisational Measures Review, and a Remediation Roadmap with prioritised action items and indicative effort levels for each.

Example prompt inputs

  • "Our privacy policy and data processing agreement template — please assess compliance against GDPR and nLPD requirements"
  • "We process employee data for a Swiss company with offices in Germany and France — what are our key compliance obligations under nLPD and GDPR?"
  • "We've experienced a data breach. Please assess whether our incident response procedure and documentation met nLPD/GDPR requirements"
  • "We are acquiring a Swiss e-commerce company — please review their privacy documentation as part of our DD"

Why legal-specific AI matters here

GDPR and nLPD compliance assessment requires deep knowledge of both regulatory regimes and their interaction. The nLPD, in force since September 2023, differs from GDPR in several important respects — in its definitions of sensitive data, its approach to automated profiling, and its specific requirements for Swiss cross-border data transfers. A general AI tool may assess against GDPR alone, missing nLPD-specific gaps that could expose a Swiss organisation to FDPIC enforcement action. Whisperit's GDPR/nLPD Audit skill is calibrated to Swiss regulatory practice, understands the differences between the two regimes, and produces compliance assessments that reflect the actual dual compliance challenge facing Swiss organisations.
