PwC’s 2018 Global Economic Crime and Fraud Survey: Should Swiss companies be worried?

PwC’s Global Economic Crime and Fraud Survey 2018 reveals that 49% of global and 39% of Swiss organisations experienced economic crime in the last 24 months.

Could this mean that the problem is diminishing? Or are Swiss organisations simply not aware they have already fallen victim to economic crime?

In this blog post we will be examining the true nature of the threat and exploring whether companies should be taking smarter measures to combat economic crime.

Does an apparent decline in fraud reflect the true story?
Despite a number of recent high-profile fraud cases globally, PwC’s Global Economic Crime Survey suggests that the problem isn’t proliferating in Switzerland. The percentage of Swiss organisations that have experienced fraud in the last two years has decreased from 41% in 2016 to 39% in 2018. This figure looks even more positive when compared with the global (49%) or western European (45%) results. But is the result really that good?

We believe it isn’t. The survey data reveals some disconcerting facts.

Bribery and corruption are increasingly on the radar. In 2018, 27% of the Swiss respondents reported that they had been asked to pay a bribe, up from 9% in 2016. One in five respondents (20%) believe that their firms lost an opportunity to a competitor who paid a bribe within the last 24 months, up from 11% in 2016. While this shows growing awareness of, and confidence in acknowledging, bribery and corruption, it also suggests that companies have to become even more alert to the threat and its implications in terms of competitiveness.

Secondly, the mean direct loss attributable to each incident of fraud in Switzerland was almost CHF 10 million – more than five times the global figure. While this may be due in part to the size of the Swiss economy and the prominence of the banking and financial services sector – a particularly attractive target for fraudsters – it demonstrates that this is not a trivial problem. The size of monetary damage is significant.

Fighting fraud blindfold, or with eyes wide open?
While the lower fraud level reported in Switzerland may be due to an effective legal framework and law enforcement system, it could also reflect a temptation for organisations to overestimate the effectiveness of their systems and controls. Only one in three (33%) Swiss respondents performed a general fraud risk assessment over the two-year survey period, which is substantially less than respondents globally (54%). Against this backdrop there’s a considerable risk that economic crime will go unnoticed and unreported, especially if an organisation doesn’t have access to management reporting concerning fraud.

Fraudsters down but not out, and moving quickly with the times
Swiss respondents reported that asset misappropriation (51%) and cybercrime (44%) were the two most common types of fraud experienced by their organisation, with the latter also being perceived as a significant threat in the future. In order to be adequately prepared, organisations need to keep track of changes in the overall fraud risk landscape, and the fact that Swiss respondents recognise cybercrime as the most significant risk going forward is encouraging.

However, our survey – both globally and in Switzerland – suggests that there’s still a failure to recognise the true nature of the threat, especially with growing business and consumer digitisation, the increasing sophistication of attacks, and heightened data security expectations amongst stakeholders. As the latest digital technologies help fraudsters become more strategic in their goals and more sophisticated in their methods, companies urgently have to make cybersecurity – the mitigation of cybercrime – a boardroom priority.

Unlike other types of fraud, cybercrime is a means to commit other types of fraud rather than being a stand-alone offence. Three in ten Swiss respondents suffered disruption to their business processes after having been the victim of a cyber-attack. More than a quarter of Swiss respondents (28%) were a victim of extortion and more than a fifth (23%) reported that a cyber-attack was used as a conduit to commit asset misappropriation against their organisation.

Efforts have to be more intelligent and better coordinated
While the 2018 survey shows that Swiss firms are taking cybercrime seriously, it also suggests that they need to work harder to be in line with global standards. Best practice organisations have adopted a ‘three lines of defence’ model, dividing responsibilities between functions that own and manage risk, those that oversee or specialise in risk management and those that provide independent assurance. It’s important to ensure that each of these functions also adequately addresses cyber risks.

In reality, only 54% of Swiss respondents have an operational cybersecurity programme, 5% below the global average and 7% below the average for Western Europe. Overall the global survey reveals serious blind spots when it comes to recognising the specific risks of fraud and economic crime. The trick is to recognise these blind spots before any fraud incident takes place. While it’s encouraging that 92% of Swiss firms expect to either significantly increase (6%), increase (25%) or maintain (61%) the amount of funds used to combat fraud, the issue is more about how these funds are actually spent. Presently, the stumbling block is often a lack of coordination and a failure to see the big picture.

The areas of a business that investigate fraud, manage fraud risks and report to the board or regulators are often disjointed and siloed. If each department builds a programme based on their own perception of fraud, operational gaps will eventually arise. So it’s vital to ensure all stakeholders understand the big picture of fraud risk management and how their own function fits into it. For global companies, establishing a centralised fraud detection and investigation function is a very good starting point.

And for any organisation, we can suggest four golden rules of effective fraud prevention:

Instant takeaway: four steps to fight fraud

  • Recognise fraud when you see it
  • Take a dynamic approach
  • Harness technology
  • Invest in people, not just machines

Follow these rules of thumb and you’ve already increased your chances of navigating an increasingly complex economic crime landscape. If you want to find out more, check out PwC’s Global Economic Crime and Fraud Survey 2018, and the deep dive into the Swiss findings, or contact us for a more in-depth conversation about how to tackle fraud and economic crime.

FinTech Action Plan – European Commission launches measures for a more competitive and innovative financial marketplace

For many financial services companies, financial technology (“FinTech” for short) and technological innovation in general offer tremendous opportunities in terms of access to finance, operational efficiency, cost savings and competition. On March 8th 2018 the European Commission presented an action plan with a total of 23 measures to make better use of the opportunities offered by technological innovations in the financial services sector. The EU wants to become a global hub for FinTech in the future.

The Action Plan has three main objectives:

  • to support innovative business models to scale up across the single market;
  • to encourage the uptake of new technologies in the financial sector; and
  • to increase cybersecurity and the integrity of the financial system.

The FinTech Action Plan

In order to achieve the above-mentioned objectives, the following measures are planned, among others:

  • The Commission will operate a FinTech laboratory in which European and national authorities will be able to collaborate with technology providers in a neutral environment.
  • Continuation of the already opened EU Blockchain Observatory and Forum. The Forum will report on the opportunities and challenges of crypto assets later in 2018 and is already working on a comprehensive study of distributed ledger and blockchain technologies.
  • The use of innovative technologies to interconnect national databases is intended to promote the digitization of information published by listed companies in Europe. In the future, this will enable investors to access essential information in order to make their investment decisions easier.
  • In order to improve the exchange of information on cyber security, the Commission will organise regular workshops.
  • The Commission will present a best practice guide on regulatory sandboxes based on guidance from the European Supervisory Authorities. A sandbox is a safe and controlled space where FinTech companies can test innovations in the market, with or without regulatory relief.

Regulation on Crowdfunding

In the field of crowdfunding, the European Commission has put forward a comprehensive proposal for a regulation which will create a European legal framework for this form of financing for the first time. The European Commission wants to make it easier for start-ups and small businesses to raise funds from investors via the internet. Due to different regulations, it is currently difficult for platforms to expand into other EU countries. Crowdfunding should therefore be subject to uniform rules in the future and the ownership of the license of one country should be sufficient to operate the respective platform throughout Europe.

In contrast, investors should be protected by clear rules on disclosure of information, governance and risk management rules and a coherent approach to the oversight of crowdfunding platforms.

The EU member states and the European Parliament still have to approve the proposal.

Contact Us

Günther Dobrauz
Leader PwC Legal Switzerland
+41 58 792 14 97

Tina Balzli
Head Banking
Legal FS Regulatory & Compliance Services
+41 58 792 15 54

Mark A. Schrackmann
Assistant Manager
Legal FS Regulatory and Compliance Services
+41 58 792 25 60

Revitalizing privacy and trust in a data-driven world

How businesses can better manage rising risks to data privacy and security

Massive data breaches, constant collection of personal data—it may seem like privacy is dead in the digital age. But privacy, security and trust are increasingly vital and intertwined in our data-driven society. Many organizations worldwide need stronger privacy risk management that is better integrated with cybersecurity, according to our 2018 Global State of Information Security® Survey (GSISS).

For CEOs and boards, the existential question is less about the future of privacy and more about the future of their own organization: Will the company muster the will and imagination needed to jolt stalled privacy risk management into action? Will it leverage that momentum and integrate cybersecurity, striving to become a trusted brand for responsible innovation and data usage? Or will it cede its place in the market to more committed competitors?

Drawing on key findings from the 2018 GSISS and beyond, we offer nine insights on revitalizing privacy and trust in a data-driven world, concluding with next steps for global business leaders.


Reto Haeni
Partner and Leader Cybersecurity and Privacy
+41 58 792 75 12

Strengthening digital society against cyber shocks

How businesses can build the resilience needed to withstand disruptive cyberattacks

Massive cybersecurity breaches have become almost commonplace, regularly grabbing headlines that alarm consumers and leaders. But for all of the attention such incidents have attracted in recent years, many organizations worldwide still struggle to comprehend and manage emerging cyber risks in an increasingly complex digital society. As our reliance on data and interconnectivity swells, developing resilience to withstand cyber shocks—that is, large-scale events with cascading disruptive consequences—has never been more important.

In the 2018 Global State of Information Security® Survey (GSISS), 40% of survey respondents from organizations using robotics or automation say the disruption of operations would be the most critical consequence of a cyberattack on those systems. Despite an awareness of disruptive cyber risks, companies often remain unprepared to deal with them.

Many key processes for uncovering cyber risks in business systems have been adopted by less than half of survey respondents.


Reto Haeni
Partner and Leader Cybersecurity and Privacy
+41 58 792 75 12

Join PwC’s Treasury Conference 2018 in Zurich on 14.03.2018 and Geneva on 22.03.2018

Explore this year’s topic: The Future of Treasury

Our 2018 programme will be dedicated to the Future of Treasury, with a focus on Fintech, Cybersecurity, and Connectivity, as well as on the changes in the required skills of the Future Treasurer. We will provide context to the current Macro-economic environment and share relevant practitioner case studies.

PwC's Treasury Conference 2018 will take place in Zurich on 14.03.2018 and in Geneva on 22.03.2018.

A great networking opportunity

On top of the knowledge transfer, panel discussions and case studies, we are well aware that this event is an important moment for you to connect with your peers, so ample networking time will be provided throughout the day.

This year’s programme

You can find the detailed programmes and information for both locations on our PwC Event webpage. We are delighted with this year’s excellent line-up of speakers, and hope that you will be interested in the topics they will cover.

Register now and enjoy our Early Bird fees

Special Early Bird fees will apply to all registrations received before February 15th. Click the links below to register now for our PwC Treasury Conference:

> Register for the Zurich session on March 14th, 2018
> Register for the Geneva session on March 22nd, 2018

PwC’s Treasury Solutions Group looks forward to welcoming you at the 19th edition of the event in Zurich and the 12th edition in Geneva and remains at your disposal should you need any further information.

Feel free to contact our experts if you have any questions related to this topic:

Michiel Mannaerts,
PwC Switzerland

Sebastian di Paola,
PwC Switzerland

China’s Cyber Security Law – technical implications

China’s top legislature adopted the country’s Cyber Security Law on Nov 7th 2016. After a third reading by the Standing Committee of the National People’s Congress, the law took effect on June 1st 2017. In addition to defining a wide scope of critical infrastructure, it lays the foundations for enforcing penalties on overseas organisations and individuals who attack, breach or insufficiently protect critical infrastructure and/or personal data. Reto Haeni, Leader Cybersecurity & Privacy at PwC Switzerland, explains what companies should consider as the topic has more impact than usually discussed.

China’s new Cyber Security Law focuses to a greater degree on several key topics: keeping personal information secure, combating cybercrime, ensuring network products and services are secure, clarifying the obligations network operators face and addressing sovereignty issues in cyberspace. There are two main aspects to responding to the law, and the second is often overlooked. First, companies operating in China must implement the law’s requirements if they want to remain compliant. Second, organisations with information or systems not located in China must also review their technology architecture, data protection efforts and business processes if they want to minimise the potential risks stemming from the new law.


China’s Cyber Security Law is the next step in the country’s wider effort to tighten rules and regulations governing information security and data privacy. Regulations have previously existed, for example the Administrative Measures for Prevention and Treatment of Computer Viruses and the Administrative Measures for Hierarchical Protection of Information Security. The new law enforces the rights and obligations the government, network operators and users all have in the area of cyber security and data protection. While the law has already come into effect, its concrete implementation is not yet known and a fair amount of interpretation is still needed to apply the law in practice to operations in China. Complying with the law entails several new challenges for both government and business, such as ensuring appropriate network operations, identifying security risks and encouraging network innovation. Each of these steps must be addressed if the rights of all stakeholders are to be protected.


Reto Haeni
Partner and Leader Cybersecurity and Privacy
+41 58 792 75 12

ePrivacy and the standard of data protection for the banking industry

For some weeks now, the European Commission has been working on the finalisation of the ePrivacy Regulation (ePR), which may become effective, together with the EU GDPR (General Data Protection Regulation), in May 2018. The ePR, compared to the existing ePrivacy Directive, is being designed to be “future-proof” and as such it will apply to all existing and future communication technologies.

As ePR will have an extensive scope, we can expect it to have a disruptive effect on companies’ digital set-up, including banks – which will have to redefine their digital strategies in line with the new requirements. And no bank will want to arrive unprepared for the regulation: non-compliance with ePR could cost financial institutions fines of up to 4% of revenues or EUR 20 million (whichever is higher).

One way in which the ePR affects banks is in relation to the considerable volume of electronic communications exchanged daily with their clients: the processing of these communications will be subject to stricter requirements under ePR. Another example relates to applications such as e-banking apps and other social media activities, which will need to be redesigned in line with the new ePR requirements.

As ePR complements and particularises EU GDPR, banks can build on their existing processes with regard to EU GDPR to start defining strategies for ePR compliance. However, it is key to understand that this new regulation has an extensive scope: GDPR compliance by itself will not ensure compliance with ePR.

If you want to learn more about ePR, how it affects the banking industry and how PwC can help you in achieving compliance, read our newest publication on ePR.


Please do not hesitate to get in contact with our experts:


Regulatory Transformation:

Patrick Akiki
Partner, Finance Risk and Regulatory Transformation
+41 79 708 11 07

Morris Naqib
Senior Manager, Finance Risk and Regulatory Transformation
+41 79 902 31 45


Günther Dobrauz
Partner, Legal FS Regulatory & Compliance Services
+41 79 894 58 73

Philipp Rosenauer
Manager, Legal FS Regulatory & Compliance Services
+41 79 238 60 20

PwC Digital Services

Reto Haeni
Partner, Cybersecurity and Privacy
+41 79 345 01 24

Nicolas Vernaz
Director, Data Protection and Regulatory Compliance
+41 79 419 43 30

We would like to thank Isabella Sorace and Mateja Andric for their valuable contribution to this publication.

Strengthening digital society against cyber shocks

59% say digital transformation has increased information security spending

Massive cybersecurity breaches have become almost commonplace, regularly grabbing headlines that alarm consumers and leaders. But for all of the attention such incidents have attracted in recent years, many organizations worldwide still struggle to comprehend and manage emerging cyber risks in an increasingly complex digital society. As our reliance on data and interconnectivity swells, developing resilience to withstand cyber shocks — that is, large-scale events with cascading disruptive consequences — has never been more important.


Key findings from the Global State of Information Security Survey 2018.


For more information please contact:

Reto Häni
Partner and Leader Cybersecurity and Privacy
PwC Digital Services
+41 58 792 75 12

PwC Sees USD 9.46 Billion Drone Solutions Market for Power, Utilities Industries

Warsaw, 10 October 2017 – The global market in drone-powered solutions for the power and utilities industries is worth as much as USD 9.46 billion a year, PwC estimates in a new report that illustrates how creative uses of unmanned aerial vehicles are disrupting the way companies build, operate and maintain their networks.

A flamethrowing drone used to clear rubbish from power lines is one of the more dramatic examples of innovative uses for unmanned aerial vehicles found in Clarity from above: Leveraging drone technologies to secure utilities systems, from PwC’s global Drone Powered Solutions team. More prosaic applications range from geospatial surveys in pre-investment planning, through monitoring of the construction process and managing assets, to proactively dealing with threats such as overgrown vegetation.

Global power transmission networks are forecast to increase to 6.8 million circuit kilometres in 2020, up 15% from the 2016 level, as energy production is reshaped by the rise of renewables, and demand grows in emerging markets such as China and India. Regulators are increasingly concerned about reliability, offering incentives to reduce outages and penalties for downtime. Every year the sector loses USD 169 billion due to energy network failures and forced shutdowns.

“The power and utilities sector faces numerous new challenges as it stands on the threshold of a digital revolution,” said Drone Powered Solutions Partner Michał Mazur. “Pressure to shift to renewables from fossil fuels, while reducing prices, is forcing companies to look for new ways to stay profitable. As companies reinvent their business models, drones are helping increase the reliability of energy production, transmission and distribution.”

The latest report in PwC’s Clarity from above series includes stories of how creative utilities managers around the world are turning to drones to solve some of the industry’s most intractable problems, increasing both reliability and worker safety. For example, in most countries monitoring vegetation growth and trimming trees near power lines is the single biggest maintenance cost for power companies. Drones can make the trimming process more efficient, as well as providing data that helps predict and avoid damage from falling trees.

“Applying drone technologies to capture a variety of data on power plants, electrical substations or power lines is becoming a change driver for the entire power and utilities industry,” said Massimo Pellegrino, a PwC partner who contributed to the report. “Not only can drones gather standardised, tangible data in a more efficient way than people located on the ground, but also, unlike manned aerial vehicles, they can do it without risking human life.”

Water utilities are also finding that drones can be more useful than satellites in the process of monitoring water quality. PwC’s Geospatial.App software allows the integration, presentation and management of mapping data gathered by drones equipped with visual, infrared and other cameras, which is useful in areas including monitoring the process of infrastructure construction, tracking the need for maintenance and assessing damage after natural or man-made disasters.

Today’s report is the third in the Clarity from above series. The first, in May 2016, looked at the overall global market for applications of drone technology, estimating its value at more than $127 billion. The second report found a $45 billion market for applications in the transport infrastructure sector.

“To remain competitive on the market, and stay current in the changing business ecosystem which is being challenged by new technologies, companies from the power and utilities sector need to broaden their horizons,” said Norbert Schwieters, PwC’s global power and utilities leader. “They need to perceive new technologies, such as drones, as opportunities to increase effectiveness, reduce costs and improve internal processes.”


Dr. Jörg Gerigk
Director, AI Leader
+41 58 792 27 19

Get on the safe side: train your hotel staff to prevent payment card fraud

Any company can be targeted by payment card fraud. Luckily, there are effective ways of substantially reducing the risk. Most incidents have a common denominator: human behaviour. So the most effective action you can take to reduce the risk is training your staff in best practice.

This has prompted us to team up with Lobster Ink, the leading online education company specialising in the hospitality industry, to develop an online training course in PCI DSS Awareness for the hospitality industry. It’s a highly focused programme for end-users that will help your staff understand and apply the principles of PCI compliance.

Payment card fraud is a massive and growing problem that needs to be addressed as a matter of urgency. The consequences for the businesses affected are severe, ranging from penalties and disruption of daily operations to reputation damage and lost customers.

The scale of the problem is also extreme: payment card fraud resulted in losses of USD 21.8 billion in 2015, and a Nilson Report predicts that this will rise to more than USD 31 billion by 2020. Verizon’s ten-year Payment Card Industry Data Security Standard (PCI DSS) compliance investigation has shown that no company was fully PCI DSS compliant at the time of the breach.

As the pace of technological development accelerates, especially in payment systems, the risk of security breaches is higher than ever.

How can you protect your business?

With PwC’s expertise in cybercrime and compliance and Lobster Ink’s experience in innovative training, your staff will soon be up to speed with best practices. We’ve designed individual courses for customer-facing staff, back-of-house staff and management to ensure every employee is aware of the risks and mitigating actions relevant to their particular level and department.

The course will help you and your employees to identify and minimise the risks associated with handling sensitive payment card data. They’ll also learn about best practice for reducing risk to acceptable levels and systematically protecting your customers’ data.

Your employees are the first line of defence. Get them trained today!

Contact us to find out more about PCI DSS Awareness:

Nicolas Mayer
PwC Partner & Global Industry Leader
Lodging & Tourism Clients

or via

Lobster Ink

“Many people aren’t aware of the risks of using credit cards. This course was so useful for all of us – to protect our guests and ourselves.” – existing PCI DSS learner