Data Protection consultant (Switzerland)

The data protection consultant (DPO) is a person appointed by a company or organization to monitor compliance with the FDPA (Swiss Data Protection Act), advise the company and monitor implementation. The DPO must have the necessary expertise and independence and must not be disadvantaged or dismissed in the performance of their duties.

Why is data protection important for your company?


The cyber attacks are directed against SMEs

Here are a few recent examples:

  • Mercedes Benz, entire Gitlab data (code) online
  • 23andme, DNA data published by approx. 6 million customers.
  • Trello, data hacked on 15 million customers
  • Motel One, ransomware attack
  • Verivox, software vulnerability

Data protection & privacy are fundamental rights in the EU

In Switzerland, the right to privacy and data protection is anchored in the federal constitution. In particular, Article 13 paragraph 2 of the Federal Constitution (BV) grants the inalienable right to respect for private life and informational self-determination. This legal norm protects every individual from invasion of their privacy by either state or private actors. The right to data protection and the security of personal data are derived from this. Art. 13 Paragraph 2 BV not only covers the misuse of individual data, but also includes any government activity in the context of processing personal data within its scope of protection.

Personal data, defined in accordance with the Federal Data Protection Act (DSG), refers to information that relates to referring to an identified or identifiable natural person. The DSG regulates precisely how such data may be collected, processed and used. It defines the framework conditions under which data processing is permitted and protects the rights of data subjects with regard to their personal data. The Federal Constitution and the Data Protection Act thus form the legal basis for the comprehensive protection of privacy and data protection in Switzerland. According to Art. 13 BV and the Federal Data Protection Act, every person has the inalienable right to have their privacy respected and their personal data adequately protected.


of companies regard data protection as a business necessity

In today's market, privacy compliance has become an important aspect of the customer buying process. Data protection programs make it possible to shorten sales cycles by quickly providing the necessary information for a supplier audit. Data protection also helps to build customer trust and increase business attractiveness.

Do you need a data protection officer?

The benefits of a designation include:

What activities does a SIDD data protection consultant do?

A data protection consultant (Switzerland) can take on the following tasks:

  • They informs and advises the person responsible or the processor and the employees who carry out processing operations about their obligations under the DSG.
  • They monitors compliance with the DSG, other data protection regulations and internal policies, including the allocation of responsibilities, raising awareness and training of employees involved in processing operations, and related reviews.
  • On request, they provides advice in connection with the data protection impact assessment and monitors its implementation.
  • They works with the competent supervisory authority and acts as a point of contact for them in matters arising from the processing of personal data.
  • They keeps a list of processing activities that are subject to their responsibility.
  • They supports the person responsible or processor in responding to inquiries from data subjects who wish to exercise their rights under the DSG, such as the right to information, correction, deletion or objection.
  • They creates or updates internal privacy policies or guidelines to ensure the processing of personal data in accordance with data protection regulations.
  • They regularly checks the security of the processing of personal data and recommends appropriate technical and organizational measures to minimize or eliminate risks.
  • They suggests improvements or changes to existing processing processes in order to increase the efficiency and quality of data processing.
  • They coordinates or leads training courses or workshops on data protection for employees or other relevant stakeholders.

How much effort does a data protection consultant have

This is highly dependent on the company and also on the complexity of the business and IT. Expense drivers here are:

  • Company size — Larger companies usually have more complex data protection requirements and need more time to implement and monitor data protection measures.
  • Industry-specific requirements — Certain industries, such as healthcare or financial services, are subject to specific data protection regulations, which may require additional effort.
  • Updating privacy policies — Data protection laws and regulations change regularly. The data protection consultant must ensure that the company's privacy policy is constantly up to date.
  • Training and awareness raising — The data protection consultant could provide training for employees to raise awareness of data protection issues.
  • Implementation of data protection measures — This includes the introduction of technical and organizational measures to ensure compliance with data protection regulations.
  • Monitoring and audit — The data protection consultant must carry out regular monitoring and audits to ensure that the privacy policies are effectively implemented.
  • Communication with data protection authorities — Data breaches or inquiries from data protection authorities may require additional effort.

A data protection officer in an average company with around 250 employees must work around 10 hours a week to comply with they legal obligations.

Why you should name us as an external data protection officer

You save time and money by outsourcing the tasks of the data protection officer to us.
You benefit from our many years of experience and comprehensive expertise in the area of data protection.
They minimize the risk of data breaches, fines and liability claims.
You will receive independent and objective advice on all data protection issues.
You strengthen the trust of your customers, employees and business partners in the handling of their personal data.

Which packages does SIDD offer?

We offer two types of packages.

Standard (SME package)

What happens after you order SIDD?

Contract signing

We conclude a service contract that contains the framework conditions and scope of our activities as a DPO. Digital, of course 😉

Kick-off meeting

We will conduct a kick-off workshop with you to get to know you, agree on expectations and discuss the next steps.

Data protection analysis

We carry out an inventory of your company's processes, systems and documents relevant to data protection in order to determine the current status and the need for action.

Data protection concept

We create an action plan to implement the data protection requirements in your company. This plan includes, among other things, the preparation or revision of data protection declarations, procedural records, data protection impact assessments, order processing contracts and internal guidelines.

Data protection implementation

We support you in the practical implementation of the planned measures, e.g. by providing advice, training, auditing or support when communicating with the persons concerned or the supervisory authorities.

Data protection support

We are available as a permanent point of contact for all data protection issues and are responsible for continuously monitoring, updating and adapting data protection measures to the changing legal and technical framework conditions.