The Data Protection Package for Your Company

Bring your company up to date with the latest data protection laws - priced at CHF 2,500

  • Transparent Fixed Price
  • Experienced Specialists
  • Over 25,000 Satisfied Customers

The Swiss Data Protection Act (DSG) and its associated Data Protection Ordinance (DSV) set clear requirements for companies. To ensure that your company meets the legal requirements, we offer you our data protection package.

About the Package

Our data protection package allows you to identify and implement your individual needs for data protection. Additionally, you will receive a data protection statement tailored to your requirements, along with all other relevant documents.

Target Audience

Our offer is aimed at all companies processing personal data of individuals residing in Switzerland and wishing to ensure that their company complies with the requirements of the Swiss Data Protection Act.

Process and Duration

The implementation of the data protection package typically takes about 2 weeks. During this process, we will guide you as follows:

First, we will conduct an inventory of your current data protection measures. Subsequently, we will create the data protection statement, the processing activities directory, and other relevant documentation for you. We are available to answer any data protection-related questions you may have at any time. At the end of the project, you will receive the individually tailored documents.

The Package Includes the Following Documents

Individually customized for your company:

  • Data Protection Statement: Comprehensive internal and external data protection statement compliant with current legal requirements.
  • Data Processing Activities Directory: Provides an overview of all processing steps of personal data within the company.
  • Data Protection Impact Assessment: Risk analysis of specific processing activities, which must be carried out under certain conditions.
  • Guideline: A clear guide with explanations, providing a general overview of data protection and, if applicable, typical business cases in the company.


  • Data Protection Regulations: Addressed to employees, this regulation can serve as a general guideline for handling personal data.
  • Specification Sheet for Data Protection Tasks: Exemplary guide for task distribution in the implementation of data protection within the company.
  • Declaration of Commitment: Document in which employees commit to complying with your company's data protection policies.
  • Data Breach Protocol: Document for recording data breaches and the corresponding measures for rectification.
  • Technical and Organizational Measures: Document for recording the technical and organizational measures for data protection in the company, including exemplary measures.
  • Data Processing Agreement (DPA): Agreement on data processing outlining the requirements for the processor.
  • Data Subject Access Request: Response letter used to answer data subject access requests.


The indicative price is CHF 2,500 incl. VAT.

Do you have any specific requests or circumstances to be considered? Mention them in the free-text section of the inquiry form. You will then receive an individual quote for the planning and implementation of the data protection package.


Do you have any questions?

I am happy to personally advise you on ensuring that your company is legally well-positioned.



Dominic Rogger

Lawyer, lic. iur. LL.M. 


What do I need to know about data protection?

The changes in the new data protection law introduce additional information and documentation obligations. As a company, you should review and adapt your existing policies, processes, and measures accordingly.

You should be aware of the following new regulations:

  • You are obligated to inform the data subjects about all processing of personal data. Additionally, data subjects have the right to request their personal data.
  • All steps of data processing must be documented.
  • If data processing is outsourced to third parties, it must be ensured that they can guarantee appropriate data security.
  • If processing poses a high risk, a data protection impact assessment must be conducted.
  • Data protection incidents must be reported to the Federal Data Protection and Information Commissioner as soon as possible.
  • The data controller must ensure that data processing complies with the principles of Privacy by Design and Privacy by Default.
  • Violations of information and disclosure obligations can be punished with fines of up to CHF 250,000.

As soon as you process personal data, a privacy policy informing the data subjects about the acquisition of personal data is mandatory.

If you process personal data online or through your website, your privacy policy must also include and explain these processes, including how cookies and similar technologies are used.

Companies should review which service providers store or process personal data in third countries. The data protection guarantees previously used for this purpose must be reviewed and, if necessary, replaced. One possible guarantee for data transfers to the USA is the so-called Standard Contractual Clauses. These are contract templates pre-established by the EU Commission for the transfer of data from EU countries to third countries (non-EU countries).

However, the conclusion of Standard Contractual Clauses alone is not sufficient in individual cases. It is also necessary to review the contract text of the Standard Contractual Clauses. The correct set must have been chosen, and the clauses must not have been altered in content. The annexes to the Standard Contractual Clauses must be completed correctly. The level of data protection promised by the Standard Contractual Clauses must also be actually maintained.

Outsourcing of processing of personal data is still possible, provided that the processor can guarantee an appropriate level of data protection, especially through suitable technical and organizational measures. It is mandatory to conclude a data processing agreement for this purpose. Additionally, the processor may only transfer processing to a third party with the consent of the data controller.

You may only store personal data for as long as it is necessary for the purposes for which you have collected the data. Always keep in mind why you have received the data and observe the statutory time limits.
