GDPR compliance

WE SUPPORT YOUR GDPR COMPLIANCE

As of 25 May 2018, the EU General Data Protection Regulation (GDPR) applies worldwide to any organization based in Europe, processing data of people in the European Union or monitoring their behavior.

Not sure where to start ? What documentation to use ? What immediate measure to take ?

Our lawyers have experience advising and supporting GDPR implementation. Our specialist will guide you step by step so that you can achieve compliance. You will access template materials, training for your staff and organization from employees to the senior executive level. datalex also develops legal documentation, templates and checklists, and will review, draft and negotiate service agreements and vendor contracts for your specific needs.

datalex guides you towards compliance and upskills your organization so that you can embed a privacy vision and culture into your daily operations.

Our implementation strategy

Evaluate the conformity of your activities and their level of maturity.
Map your data and create an inventory of processing (data mapping).
Define an action plan and map the processed data.
Approve a plan and find a consensus.
Implement the GDPR principles based on your plan.
Monitor and manage vendor contracts with your business partners and subcontractors.
Prepare for data and security breach and incident response.

GDPR TOOLS

Practical examples

Does the GDPR apply to your organization?

If your company is based in Switzerland, you are subject to the Swiss Data Protection Act. Also, the GDPR may also apply if your company is established in Europe. If your company is not established in Europe, but offers goods and services from Switzerland to individuals located in the EU or monitors the behaviour of individuals in the EU, you will have to comply with the General Data Protection Regulation.

What are the risks if my business is not compliant?

Risks vary depending on many factors, such as the nature and frequency of your processing activities, the size of your business and the number of customers and contractual partners, your level of security and data protection maturity, the structure of your business, and the manner in which you process and protect data subjects’ information.

Ultimately, a Data Protection Authority may issue a fine against your company which may amount up to EUR 10M to 20M, or 2% to 4% of your global annual turnover.

We assist you in assessing the risks associated with your processing activities and in structuring and setting up an action plan for compliance.

Do I need to hire a Data Protection Officer (DPO)?

If your company is subject to the GDPR, there are a number of situations in which it is necessary to appoint a Data Protection Officer (DPO). You will have to declare this person to the authorities, and this person will act as a link between your business and data protection authorities (DPA) and with individuals. This role also requires to perform other essential tasks, such as:

advising your company
developing a data protection culture
mapping your data
manage DPIAs and
responding to and collaborating with authorities in the event of incidents.

We offer to our clients the opportunity to use our services as external data protection officer for start-ups, SMEs and small multinationals.

My activity is not subject to the RGPD, so I have nothing to do?

In Switzerland, the Federal Data Protection Act is currently being revised, with a bill that is going to be enacted very closely to Regulation 2016/679 (GDPR).

If you anticipate this revision by following the GDPR principles as an industry standard, the criteria, obligations, constraints and rights for individuals will already be respected and you will be able to pursue the ordinary course of your activities without worrying about legislative changes and costs increase to comply in a rush-mode.

Gabriel Avigdor

Our expert

Co-fondateur, associé
Certifié CIPP/E (RGPD)