Data Protection & IT Law

In order for your company's acti­vi­ties on the Inter­net to be suc­cessful, the legal basis must be right. In par­ti­cu­lar, your Gene­ral Terms and Con­di­ti­ons (GTC) and the design of the orde­ring pro­cess of your home­page play an important role. When deal­ing with the data of your cus­to­mers, the Data Pro­tec­tion Act must be obser­ved and, if neces­sa­ry, a data pro­tec­tion gui­de­line draf­ted. If you are a hard­ware and soft­ware sup­pli­er or deve­lo­per, it is worth pay­ing atten­ti­on to the design and con­tract nego­tia­ti­on. As a law firm for data pro­tec­tion and IT law, we pro­vi­de you with pro­fes­sio­nal support.

Ano­ther area is the pro­tec­tion of your infra­struc­tu­re. On the one hand, Cyber­cri­mi­nals should not be able to dis­rupt or inter­rupt your busi­ness acti­vi­ty (Deni­al of Ser­vice, DoS or DDos) and in an emer­gen­cy the core busi­ness should be secu­red and res­to­red as quick­ly as pos­si­ble (Busi­ness Continuity).

Infor­ma­ti­on secu­ri­ty includes tech­ni­cal, orga­ni­sa­tio­nal and legal mea­su­res that ensu­re the con­fi­den­tia­li­ty, avai­la­bi­li­ty and inte­gri­ty of infor­ma­ti­on. As a pro­ces­sor of per­so­nal data, you ful­fil your legal obli­ga­ti­ons if the data you pro­cess is ade­qua­te­ly pro­tec­ted. Not every type of data needs the same level of pro­tec­tion. The trick is to sel­ect and imple­ment the right tools based on an ana­ly­sis. The legal requi­re­ments must the­r­e­fo­re be com­pli­ed with as effi­ci­ent­ly and cost-effec­tively as pos­si­ble. In this con­text, the­re is a broad and exci­ting dis­cour­se on whe­ther to fol­low a «best prac­ti­ce» or a «good prac­ti­ce» model.

As lawy­ers and experts for infor­ma­ti­on secu­ri­ty, we offer you a so-cal­led pivo­tal func­tion: Sin­ce we speak the tech­ni­cal and legal lan­guage, we can inter­me­dia­te bet­ween tech­ni­ci­ans and lawy­ers. Like­wi­se we can prepa­re tech­ni­cal facts for aut­ho­ri­ties and courts «con­su­mer-fair». If you descri­be yours­elf as a tech­ni­cal lay­man, we will help you to under­stand the tech­ni­ci­ans. We can also give you an assess­ment as to whe­ther the idea of the tech­ni­cal side is appro­pria­te for you at all and whe­ther you need the pro­po­sed solu­ti­ons and mea­su­res at all. If you are well ver­sed in tech­ni­cal mat­ters but have uncer­tain­ties in deal­ing with lawy­ers, legal coun­sels, civil ser­vants or manage­ment, we are at your dis­po­sal to make your ide­as understandable.

Cur­rent infor­ma­ti­on on this topic can be found at 143bis.ch, a Swiss plat­form for data pro­tec­tion, infor­ma­ti­on secu­ri­ty and cyber­crime. You can find fur­ther infor­ma­ti­on on our ser­vices in the area of cyber­crime »here«.

The Data Pro­tec­tion Act sti­pu­la­tes how per­so­nal data must be pro­ces­sed. It is a cross-sec­tion­al law with an enorm­ously broad scope of appli­ca­ti­on. The dai­ly hand­ling of data the­r­e­fo­re rai­ses ques­ti­ons in a wide varie­ty of legal are­as, at various orga­ni­sa­tio­nal levels and in a wide varie­ty of busi­ness pro­ces­ses. In addi­ti­on to the dai­ly workload in the com­pa­ny, the­re are, for exam­p­le, requests for infor­ma­ti­on, ques­ti­ons about orga­ni­sa­tio­nal and data pro­tec­tion regu­la­ti­ons or the exch­an­ge of data bet­ween com­pa­nies and out­sour­cing, even bey­ond natio­nal borders.

If you pro­cess per­so­nal data and orga­ni­se, for exam­p­le, major events (sports events such as city runs, tour­na­ments, etc.), you can­not avo­id deal­ing with the pro­vi­si­ons of the Data Pro­tec­tion Act (DSG). Howe­ver, sin­ce the Data Pro­tec­tion Act appli­es to any pro­ces­sing of per­so­nal data, the regu­la­ti­ons also app­ly to pri­va­te indi­vi­du­als and small and medi­um-sized enter­pri­ses (SMEs). This appli­es all the more if you publish or make available per­so­nal data on the Inter­net (home­pages for cele­bra­ti­ons, school clas­ses, clubs, com­pa­ny web­sites, etc.).

By enac­ting the Data Pro­tec­tion Act, Par­lia­ment ins­truc­ted the Fede­ral Coun­cil to issue an ordi­nan­ce lay­ing down detail­ed imple­men­ta­ti­on rules. The Fede­ral Coun­cil has com­pli­ed with this with the Data Pro­tec­tion Ordi­nan­ce (VDSG). The­re are also a lar­ge num­ber of regu­la­ti­ons at the inter­na­tio­nal level (e.g. the Daten­schutz Grund­ver­ord­nung (DSGVO) and the Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR)). In the Swiss con­text, the Data Pro­tec­tion Ordi­nan­ce estab­lishes a multi­tu­de of pro­vi­si­ons in addi­ti­on to the Data Pro­tec­tion Act, name­ly on the duty to pro­vi­de infor­ma­ti­on (Art. 8 DSG), on the duty to pro­vi­de infor­ma­ti­on (Art. 14 DSG) or spe­ci­fi­cal­ly on data secu­ri­ty (Art. 7 DSG as well as Art. 8 and 9 VDSG) to name but a few.

As lawy­ers for data pro­tec­tion and infor­ma­ti­on secu­ri­ty, we sup­port you in all pha­ses and at all levels: Be it in the con­text of con­tract nego­tia­ti­ons, the draf­ting of con­tracts, regu­la­ti­ons, con­cepts, risk manage­ment sys­tems or the sub­mis­si­on of appli­ca­ti­ons. In par­ti­cu­lar, we sup­port you in com­ply­ing with the legal regu­la­ti­ons of DSG, VSG or DSGVO etc.. In the event of a dis­pu­te, we repre­sent you in pro­cee­dings befo­re the courts, public pro­se­cu­tors' offices or the can­to­nal data pro­tec­tion com­mis­sio­ner or the Fede­ral Data Pro­tec­tion Com­mis­sio­ner (FDPIC).

To ensu­re that you com­ply with your legal obli­ga­ti­ons and that the pro­ces­sing of per­so­nal data or requests for infor­ma­ti­on is car­ri­ed out cor­rect­ly, it makes sen­se to appoint a data pro­tec­tion offi­cer. If this data pro­tec­tion offi­cer is not employ­ed by the com­pa­ny, this is refer­red to as an exter­nal data pro­tec­tion offi­cer. The advan­ta­ges are obvious: As an inde­pen­dent body, you recei­ve an objec­ti­ve assess­ment of the situa­ti­on. We pro­vi­de you with the neces­sa­ry know-how from a sin­gle source and you can con­cen­tra­te on your busi­ness acti­vi­ties. If you are loo­king for an exter­nal data pro­tec­tion offi­cer, plea­se cont­act us.

We offer spe­cia­li­zed ser­vices with LAYER 8. LAYER 8's lawy­ers and sub­ject mat­ter experts have rele­vant exper­ti­se in infor­ma­ti­on tech­no­lo­gy and cyber­se­cu­ri­ty, IT and data pro­tec­tion law, foren­sics, and liti­ga­ti­on. LAYER 8 also assists you in pro­cu­re­ment and communications.




If you con­sider yours­elf a com­pu­ter secu­ri­ty or foren­sics spe­cia­list, we recom­mend you take a look at the Swiss Cyber Kill Chain: cyber-kill-chain.ch. A mul­ti­l­in­gu­al refe­rence work based on the MITRE Att&ck framework.