Security 29. March 2018

GDPR: EU data protection officer mandatory for Swiss companies?

In just a few months, on May 25, 2018, the new EU General Data Protection Regulation (GDPR) will come into force. As a consequence, the appointment of an EU data protection officer will become mandatory for many Swiss companies that do not have a domicile in the EU.

Legal Basis

This is because companies not established in the EU must, if their data processing is related, i.e.

a) offer goods or services to data subjects in the EU against payment or free of charge


(b) monitoring the behavior of data subjects (“tracking” or “profiling”), to the extent that this is done in the EU

mandatorily appoint a representative in the EU in writing.

The representative in the EU shall be instructed to serve as a point of contact in particular for supervisory authorities and data subjects for all questions in connection with the processing to ensure compliance with the GDPR.

Do you need a data protection officer in the EU? Do the check:

? Is your company established in Switzerland (and not in the EU)?
Yes – to the next question:
? Is the data processing related to offering goods or services to data subjects in the EU against payment or free of charge?
No – to the next question:
Yes – to the last question:
? Is the data processing related to monitoring the behavior of data subjects insofar as their behavior takes place in the EU?
Yes – to the last question:
? Is the data processing occasional or does not involve large-scale processing of special categories of data and is not likely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, circumstances, scope and purposes of the processing?
No, designate representative in writing

Data Protection Officer in the EU: Who?

The principle from Art. 27 GDPR on this is: a natural or legal person established in the EU who has been appointed in writing by the controller or processor and represents the controller or processor in relation to the obligations incumbent on them respectively under this Regulation.

Processing of personal data on an occasional basis only

Only public authorities and public bodies and only the occasional processing of personal data are exempt from having to appoint an EU Data Protection Officer.

The word “occasional” offers a lot of leeway in this context. Companies that want to be on the safe side define a representative.

Implementation of the GDPR in Swiss companies (step-by-step guide)

Companies that are subject to the GDPR are committed to taking action. To implement the GDPR, various tasks must be clarified, assigned and completed by May 25, 2018. Because those who do not comply with the new regulation risk heavy fines. Get a step-by-step guide to implementing the GDPR in your company free of charge in this whitepaper (only available in German).

Das könnte dich auch interessieren

Data processing in the USA not permitted

Security 13. October 2020 What must Swiss companies do now? Swiss companies must now check whether they process data in the USA. If this is the case, the legal basis must be observed, as processing data based on the Privacy … Mehr erfahren

Exposing phishing and acting correctly

Security 8. June 2018 What is phishing used for? What is phishing? Phishing is a combination of the words "password", "harvesting" and "fishing". Phishing is a technique used to obtain confidential data from unsuspecting Internet users. The affected victim loses double, … Mehr erfahren
Cloud, technisch, farbig

Penetration Testing

Security 30. June 2022 Why do we do this? We operate an ISO 27001-certified information security management system (ISMS) and are committed to ensuring a high level of security in the processes and technical solutions. Numerous preventive measures and permanent … Mehr erfahren
Frau bezahlt digital mit Smartphone, RFID, NFC.

RFID and NFC: How to Use Them and Protect Your Data

Security 27. November 2023 What Is RFID? RFID Technology Explained in Brief RFID stands for Radio-F frequencyI identification and enables data to be recognized and transmitted via radio waves. An RFID system typically consists of an RFID tag (or transponder) … Mehr erfahren

Trojan “Retefe” attacks mails

Security 8. October 2018 The attachment of the manipulated email contains a Word file. By opening this file, the e-banking Trojan "Retefe" is installed, which is targeting personal e-banking login data. The best way to protect yourself is to keep … Mehr erfahren

Open Circle AG
Freilagerstrasse 32
CH-8047 Zürich

©2024 Open Circle AG, all rights reserved.