The ABCs of data protection

Important terms and principles – simply explained.

This overview will help you quickly understand the key principles of data protection law. It's ideal for companies that want to get their bearings without legal jargon.

DSG & GDPR – What applies to my company?

The Swiss Data Protection Act (DSG) regulates data protection in Switzerland. The GDPR applies to you if you deal with people in the EU – for example, through online orders, marketing, or web analytics. Many SMEs must comply with both legal systems.

Who is responsible – and who processes on behalf of the client?

The controller decides on the purpose and means of data processing – this is usually your company. A processor (e.g., cloud service provider, payroll office) processes data on your behalf and requires a contractual agreement (ADV).

Which data is particularly protected?

Personal data includes names, addresses, and email addresses. Health data, religious beliefs, and political views, among others, are particularly worthy of protection—stricter requirements apply here.

What do I have to consider as a company?

Inform those affected transparently (e.g. via privacy policy)
Implement technical and organizational protective measures (TOMs)
Only process as much data as necessary
Document processes and contracts

Data protection by design & by default

Data protection must be considered from the outset – with every new piece of software, website, or internal application. Systems should also be configured to be data-efficient by default.

When do I need a Data Protection Impact Assessment (DPIA)?

When data processing is particularly risky—e.g., camera surveillance, tracking, profiling, or when sensitive data is processed on a large scale—a data protection impact assessment identifies risks and helps minimize them.

Questions about data protection?

We support you with assessment, implementation or training.