Data protection law requires a range of measures. Some of them become necessary during ongoing operations, e.g. notifying a data security breach or responding to an access request. That can require a certain amount of preparation, however, which is why companies, at least larger ones, have to deal with these questions proactively. Other measures must be taken in advance, independently of any individual event.
Data protection law therefore requires “implementation,” i.e., certain measures to avoid the risk of a data breach, in the interest of the data subjects as well as the company and its employees and management bodies.
How to implement this depends very much on the individual case. Very small companies can get by with a privacy policy; large companies have to do a lot more.
We provide guides and checklists for the implementation of the nDSG, for SMEs (under Swiss law) and for larger companies (also with a view to the GDPR).
SMEs, not only large companies, have to implement the new data protection law. There are only marginal exceptions for SMEs in the nDSG; most of the requirements also apply to them. However, the expectations for the standard of implementation are different.
We have therefore prepared a checklist for SMEs. It is designed for simpler circumstances and private companies (not for public bodies). It does not claim to be complete and does not constitute legal advice.
In the case of larger or internationally active companies, it can often be assumed that the GDPR will be implemented, insofar as this is possible. Accordingly, such companies ask less which requirements the nDSG imposes and more where the GDPR and the nDSG differ. For this purpose, we provide a guide:
You can also find documents under Downloads.
You will also find various links on data protection law.
You can also find further information at rosenthal.ch and a self-test at the Vischer Privacy Score.