Data Protection & Compliance
Ensures the secure management of sensitive data, while maintaining compliance with regulatory standards.
Data is both your organisation’s most valuable asset and its most regulated one. Sensitive information flows through Microsoft 365 — emails, Teams messages, SharePoint documents, OneDrive files, and cloud applications — and the consequences of a data breach or compliance failure are severe: regulatory penalties under nLPD and GDPR, reputational damage, and loss of client trust.
One Step Beyond specialises in data protection and compliance within the Microsoft 365 and Azure ecosystem. As a certified Microsoft Solutions Partner for Modern Work & Security, our engineers implement Microsoft Purview — Microsoft’s comprehensive data governance, risk, and compliance platform — alongside AvePoint and Microsoft Defender for Cloud Apps, to protect sensitive data, enforce DLP policies, and demonstrate regulatory compliance across your entire Microsoft environment. For data protection platforms beyond Microsoft — Cribl, Forcepoint, Kiteworks, Proofpoint, Splunk, Semperis — these are delivered by our Swiss Expert Group partners e-Xpert Solutions and eb-Qual, who hold deep certified expertise across the full data protection vendor landscape.
Our Data Protection & Compliance Capabilities :
Microsoft Purview — Data Governance, Risk & Compliance
Microsoft Purview is Microsoft’s unified data governance, risk management, and compliance platform — covering data classification, information protection, data loss prevention, insider risk management, eDiscovery, and compliance management across Microsoft 365 and Azure.
Our engineers implement Microsoft Purview across its core capability areas: sensitivity labels and data classification to identify and protect sensitive content wherever it lives, retention policies and records management to govern the data lifecycle in alignment with Swiss nLPD and FINMA requirements, compliance manager to assess and track regulatory compliance posture, and audit and eDiscovery for legal hold and investigation support. Purview is the foundation of a sustainable data compliance programme built on the Microsoft platform — and One Step Beyond has the certified expertise to deploy it effectively.
Data Loss Prevention (DLP) — Microsoft Purview DLP
Microsoft Purview DLP prevents sensitive data from leaving your organisation through Microsoft 365 channels — email, Teams, SharePoint, OneDrive, and connected cloud applications. DLP policies detect sensitive information types — personal data, financial data, healthcare information, and custom-defined sensitive content — and automatically enforce protective actions: blocking sharing, requiring user justification, alerting administrators, or encrypting the content in transit.
Our engineers design and implement Purview DLP policies tailored to your organisation’s data classification framework and regulatory obligations — covering nLPD personal data categories, FINMA-protected financial information, and sector-specific sensitive content types. We configure DLP across Microsoft 365 Unified DLP, Endpoint DLP for managed Windows devices, and Microsoft Defender for Cloud Apps for cloud application coverage — providing end-to-end data leakage prevention across your Microsoft estate.
Microsoft Information Protection — Sensitivity Labels & Encryption
Microsoft Information Protection (MIP) provides persistent data protection through sensitivity labels — classification tags applied to documents and emails that enforce protection wherever the content travels, including outside your organisation. Sensitivity labels can enforce encryption, content markings (watermarks, headers, footers), and access restrictions — ensuring that a confidential document emailed to an external partner remains encrypted and access-controlled even after it leaves your environment.
Our engineers design sensitivity label taxonomies that reflect your organisation’s data classification framework, configure auto-labelling policies that classify sensitive content automatically, and deploy labels across Microsoft 365 applications — Word, Excel, PowerPoint, Outlook, Teams, and SharePoint. For organisations deploying Microsoft 365 Copilot, sensitivity label implementation is a prerequisite for safe Copilot activation — ensuring that AI-generated content inherits appropriate protection.
Microsoft Defender for Cloud Apps — CASB & Shadow IT
Microsoft Defender for Cloud Apps is Microsoft’s Cloud Access Security Broker (CASB) — providing visibility into cloud application usage, control over data shared with cloud applications, and threat detection for cloud-delivered attacks. It discovers shadow IT (unsanctioned cloud applications used by employees without IT approval), assesses cloud application risk, and enforces data protection policies across both Microsoft and third-party cloud applications connected to your environment.
Our engineers implement Defender for Cloud Apps to give your organisation a complete picture of cloud data risks — discovering which cloud applications your employees use, identifying data shared externally through cloud applications, blocking access to high-risk or non-compliant applications, and enforcing session controls that limit data download and sharing for sensitive applications accessed from unmanaged devices.
Microsoft 365 Data Governance — AvePoint
Microsoft 365 provides powerful collaboration capabilities — but without proper governance, data accumulates in ways that create compliance risk: stale permissions, abandoned sites, over-shared content, and expired data that should have been deleted. AvePoint extends Microsoft 365 data governance with automated lifecycle management, granular backup and recovery, migration management, and compliance reporting that goes beyond what Microsoft’s native tools provide.
Our engineers deploy AvePoint to deliver the data governance capabilities that regulated Swiss organisations require: automated access reviews and permission management for SharePoint and Teams, point-in-time backup and recovery for Microsoft 365 data, migration management for mergers, acquisitions, and tenant-to-tenant migrations, and compliance reports mapped to nLPD and FINMA audit requirements. AvePoint is the data governance platform that makes Microsoft 365 auditable at scale.
Insider Risk Management — Microsoft Purview
Not all data risks come from external attackers. Insider risks — employees exfiltrating data before leaving, accidental sharing of sensitive content, or policy violations — are among the hardest to detect and the most damaging. Microsoft Purview Insider Risk Management uses signals from Microsoft 365 activity — email, Teams, SharePoint, and endpoint activity — to detect risky patterns and alert security teams before data loss occurs.
Our engineers implement Purview Insider Risk Management with careful attention to privacy — configuring pseudonymisation controls that protect employee privacy while enabling risk detection, designing investigation workflows that comply with Swiss labour law, and integrating insider risk alerts with Microsoft Sentinel for unified security operations.
nLPD, GDPR & Regulatory Compliance Alignment
Swiss organisations face a layered compliance landscape: the revised nLPD (in force since September 2023), GDPR for EU data subjects, FINMA circulars for financial institutions, and ISO 27001 for information security management. Microsoft Purview Compliance Manager provides a continuous compliance assessment against these frameworks — identifying gaps, tracking remediation progress, and generating the compliance score evidence that auditors require.
Our engineers configure Compliance Manager for the regulatory frameworks applicable to your organisation, implement the technical controls required by each framework within your Microsoft 365 environment, and produce the documentation and audit evidence that demonstrates compliance to internal and external auditors — including FINMA inspectors and ISO 27001 certification bodies.
Why One Step Beyond for Data Protection & Compliance?
One Step Beyond’s data protection and compliance practice is built on deep Microsoft Purview expertise — the platform that sits at the centre of every Microsoft 365 compliance programme. As a Microsoft Solutions Partner for Modern Work & Security, our engineers understand how Microsoft Purview, Defender for Cloud Apps, MIP, DLP, and AvePoint work together as an integrated compliance architecture — not as separate tools.
Our approach is regulatory-first: we start from the compliance obligations that apply to your organisation — nLPD, GDPR, FINMA, ISO 27001 — and design the Microsoft technical controls that satisfy them. This means our implementations produce compliance evidence that holds up under audit, not just configurations that look good in a dashboard.
For data protection platforms beyond Microsoft — Cribl, Forcepoint, Kiteworks, Proofpoint, Splunk, and Semperis — these capabilities are delivered by our Swiss Expert Group partners e-Xpert Solutions (Geneva, Lausanne) and eb-Qual (Givisiez, Kloten), who hold certified expertise across each of these platforms.
We operate from our office in Gland (Vaud), serving organisations across French-speaking Switzerland and beyond.
Technologies We Work With :
One Step Beyond’s core data protection and compliance expertise is built on the Microsoft platform:


For data protection beyond Microsoft — Cribl, Forcepoint, Kiteworks, Proofpoint, Splunk, Netskope, and Semperis — these platforms are delivered by our Swiss Expert Group partners e-Xpert Solutions and eb-Qual, who hold certified expertise across each technology.








Ready to Strengthen Your Data Protection & Compliance Posture?
Whether you are implementing Microsoft Purview, deploying DLP across Microsoft 365, governing data with AvePoint, or preparing for a FINMA or nLPD compliance audit, One Step Beyond brings certified Microsoft expertise and a proven Swiss track record. Contact us to discuss your data protection and compliance challenges.
Frequently Asked Questions – Data Protection & Compliance in Switzerland
Q : What is Microsoft Purview and what does it cover?
Microsoft Purview is Microsoft’s unified data governance, risk, and compliance platform — covering five core capability areas: data classification and information protection (sensitivity labels, encryption), data loss prevention (DLP policies across Microsoft 365, endpoints, and cloud apps), data lifecycle management (retention policies, records management), insider risk management (detecting risky employee behaviour patterns), and compliance management (regulatory assessment, audit evidence, eDiscovery). It is the central platform for any organisation running Microsoft 365 that needs to demonstrate compliance with nLPD, GDPR, FINMA, or ISO 27001.
Q : What is the Swiss nLPD and how does it affect Microsoft 365 environments?
The revised Swiss Federal Act on Data Protection (nLPD), in force since September 2023, significantly strengthened Swiss data protection requirements — introducing mandatory breach notification within 72 hours, privacy by design obligations, data processing record requirements, and stricter rules for cross-border data transfers. For Microsoft 365 environments, nLPD compliance requires: data classification and sensitivity labelling (to identify what personal data exists and where), DLP policies (to prevent unauthorised sharing), retention policies aligned with nLPD data minimisation principles, audit logging (to demonstrate compliance), and data subject rights workflows (to respond to access and deletion requests). One Step Beyond configures all of these within Microsoft Purview.
Q : What is a CASB and why is Microsoft Defender for Cloud Apps important?
A Cloud Access Security Broker (CASB) is a security control point between cloud service consumers and cloud service providers — providing visibility into cloud application usage, enforcement of security policies, and threat detection for cloud-based attacks. Microsoft Defender for Cloud Apps is Microsoft’s CASB solution. It discovers shadow IT (employees using unsanctioned cloud applications that bypass security controls), assesses the risk of cloud applications in use, enforces data protection policies for content shared through cloud applications, and detects anomalous user behaviour in cloud applications. For Microsoft 365 organisations, Defender for Cloud Apps extends DLP and compliance controls beyond the Microsoft boundary to third-party cloud applications.
Q : What is AvePoint and how does it complement Microsoft 365?
AvePoint is a Microsoft Solutions Partner providing advanced data governance, backup and recovery, and migration management for Microsoft 365. While Microsoft 365 includes basic retention and compliance features, AvePoint adds: granular point-in-time backup and recovery for Exchange, Teams, SharePoint, and OneDrive (beyond Microsoft’s native 93-day recycle bin), automated permission and access lifecycle management, Teams governance (provisioning policies, lifecycle management, guest access controls), and compliance reports mapped to nLPD and FINMA audit requirements. For regulated Swiss organisations that need auditable, granular control over their Microsoft 365 data, AvePoint is the governance platform that makes Microsoft 365 audit-ready at scale.
Q : How does Microsoft Purview DLP differ from traditional network DLP?
Traditional network DLP inspects data at the network perimeter — monitoring traffic leaving the corporate network and blocking content that matches sensitive data patterns. Microsoft Purview DLP operates at the content layer — protecting sensitive information within and across Microsoft 365 applications regardless of network location. It covers email, Teams messages, SharePoint documents, OneDrive files, and connected cloud applications, and extends to managed Windows endpoints through Endpoint DLP. For cloud-first organisations where data moves through Microsoft 365 rather than a corporate network perimeter, Purview DLP provides more comprehensive and contextually accurate data protection than network-based solutions.
Q : Where is One Step Beyond based?
One Step Beyond is headquartered in Gland (Vaud) — Route de Cité-Ouest 2, 1196 Gland, telephone +41 22 995 96 12. The company also operates an office in Budapest (Hungary). As part of Swiss Expert Group, One Step Beyond collaborates with e-Xpert Solutions (Geneva, Lausanne) and eb-Qual (Givisiez, Kloten) to deliver integrated cloud and cybersecurity solutions across Switzerland.