Back to news
Security 29. March 2018
  • Share article

In just a few months, on May 25, 2018, the new EU General Data Protection Regulation (GDPR) will come into force. As a consequence, the appointment of an EU data protection officer will become mandatory for many Swiss companies that do not have a domicile in the EU.

This is because companies not established in the EU must, if their data processing is related, i.e.

a) offer goods or services to data subjects in the EU against payment or free of charge


(b) monitoring the behavior of data subjects (“tracking” or “profiling”), to the extent that this is done in the EU

mandatorily appoint a representative in the EU in writing.

The representative in the EU shall be instructed to serve as a point of contact in particular for supervisory authorities and data subjects for all questions in connection with the processing to ensure compliance with the GDPR.

Do you need a data protection officer in the EU? Do the check:

? Is your company established in Switzerland (and not in the EU)?
Yes – to the next question:
? Is the data processing related to offering goods or services to data subjects in the EU against payment or free of charge?
No – to the next question:
Yes – to the last question:
? Is the data processing related to monitoring the behavior of data subjects insofar as their behavior takes place in the EU?
Yes – to the last question:
? Is the data processing occasional or does not involve large-scale processing of special categories of data and is not likely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, circumstances, scope and purposes of the processing?
No, designate representative in writing

Data Protection Officer in the EU: Who?

The principle from Art. 27 GDPR on this is: a natural or legal person established in the EU who has been appointed in writing by the controller or processor and represents the controller or processor in relation to the obligations incumbent on them respectively under this Regulation.

Processing of personal data on an occasional basis only

Only public authorities and public bodies and only the occasional processing of personal data are exempt from having to appoint an EU Data Protection Officer.

The word “occasional” offers a lot of leeway in this context. Companies that want to be on the safe side define a representative.

Implementation of the GDPR in Swiss companies (step-by-step guide)

Companies that are subject to the GDPR are committed to taking action. To implement the GDPR, various tasks must be clarified, assigned and completed by May 25, 2018. Because those who do not comply with the new regulation risk heavy fines. Get a step-by-step guide to implementing the GDPR in your company free of charge in this whitepaper (only available in German).

Further news

All news

Connect with us

Swiss Business Cloud ausprobieren?

Erlebe noch heute die Welt der Swiss Business Cloud mit unserer Demo.

Open Circle AG
Freilagerstrasse 32
CH-8047 Zürich

©2023 Open Circle AG, all rights reserved.