Data Protection & IT Law

Aktuelle Beiträge:
PGP ID: DC1692306A30CBE8 (Key)

Tel: 041 440 33 43
Tel / Text Signal: 041 440 33 43
Tel / Text Threema: 041 440 33 43
Videokonferenz: auf telefonische Anfrage
Fax: 041 440 44 93

Anwaltskanzlei Kost
Zentralstrasse 20
Postfach 1343
6031 Ebikon

MO-FR: 08:00 bis 17:00 (i.d.R. auch über Mittag)
SA: 09:00 bis 12:00 (nach Absprache)

Pikettdienst: »siehe hier«


»Karte in OpenStreetMap öffnen«
»Karte in Google Maps öffnen«
»Kartenlinks mailen«
In order for your company's activi­ties on the Inter­net to be suc­cess­ful, the legal basis must be right. In par­ti­cu­lar, your Gene­ral Terms and Con­di­ti­ons (GTC) and the design of the orde­ring pro­cess of your home­page play an important role. When dealing with the data of your custo­mers, the Data Pro­tec­tion Act must be obser­ved and, if necessa­ry, a data pro­tec­tion gui­de­li­ne draf­ted. If you are a hard­ware and soft­ware sup­plier or deve­lo­per, it is worth pay­ing atten­ti­on to the design and con­tract nego­tia­ti­on. As a law firm for data pro­tec­tion and IT law, we pro­vi­de you with pro­fes­sio­nal sup­port.

Ano­t­her area is the pro­tec­tion of your infra­st­ruc­tu­re. On the one hand, Cybercri­mi­nals should not be able to dis­rupt or inter­rupt your busi­ness activi­ty (Deni­al of Ser­vice, DoS or DDos) and in an emer­gen­cy the core busi­ness should be secu­red and res­to­red as quick­ly as pos­si­ble (Busi­ness Con­ti­nui­ty).

Infor­ma­ti­on secu­ri­ty
Infor­ma­ti­on secu­ri­ty inclu­des tech­ni­cal, orga­ni­sa­tio­nal and legal mea­su­res that ensu­re the con­fi­den­tia­li­ty, avai­la­bi­li­ty and inte­gri­ty of infor­ma­ti­on. As a pro­ces­sor of per­so­nal data, you ful­fil your legal obli­ga­ti­ons if the data you pro­cess is ade­qua­te­ly pro­tec­ted. Not every type of data needs the same level of pro­tec­tion. The trick is to select and imple­ment the right tools based on an ana­ly­sis. The legal requi­re­ments must the­re­fo­re be com­plied with as effi­ci­ent­ly and cost-effec­tively as pos­si­ble. In this con­text, the­re is a broad and exci­ting dis­cour­se on whe­ther to fol­low a «best prac­tice» or a «good prac­tice» model.

As lawy­ers and experts for infor­ma­ti­on secu­ri­ty, we offer you a so-cal­led pivo­tal func­tion: Sin­ce we speak the tech­ni­cal and legal lan­guage, we can inter­me­dia­te bet­ween tech­ni­ci­ans and lawy­ers. Like­wi­se we can pre­pa­re tech­ni­cal fac­ts for aut­ho­ri­ties and courts «con­su­mer-fair». If you descri­be yours­elf as a tech­ni­cal lay­man, we will help you to under­stand the tech­ni­ci­ans. We can also give you an assess­ment as to whe­ther the idea of the tech­ni­cal side is appro­pria­te for you at all and whe­ther you need the pro­po­sed solu­ti­ons and mea­su­res at all. If you are well ver­sed in tech­ni­cal mat­ters but have uncer­tain­ties in dealing with lawy­ers, legal coun­sels, civil ser­vants or manage­ment, we are at your dis­po­sal to make your ide­as under­stand­a­ble.

Cur­rent infor­ma­ti­on on this topic can be found at, a Swiss plat­form for data pro­tec­tion, infor­ma­ti­on secu­ri­ty and cybercrime. You can find fur­ther infor­ma­ti­on on our ser­vices in the area of cybercrime »here«.

Pri­va­cy pro­tec­tion
The Data Pro­tec­tion Act sti­pu­la­tes how per­so­nal data must be pro­ces­sed. It is a cross-sec­tio­n­al law with an enor­mously broad scope of app­li­ca­ti­on. The dai­ly hand­ling of data the­re­fo­re rai­ses ques­ti­ons in a wide varie­ty of legal are­as, at various orga­ni­sa­tio­nal levels and in a wide varie­ty of busi­ness pro­ces­ses. In addi­ti­on to the dai­ly workload in the com­pa­ny, the­re are, for examp­le, requests for infor­ma­ti­on, ques­ti­ons about orga­ni­sa­tio­nal and data pro­tec­tion regu­la­ti­ons or the exchan­ge of data bet­ween com­pa­nies and out­sour­cing, even bey­ond natio­nal bor­ders.

If you pro­cess per­so­nal data and orga­ni­se, for examp­le, major events (sports events such as city runs, tour­na­ments, etc.), you can­not avo­id dealing with the pro­vi­si­ons of the Data Pro­tec­tion Act (DSG). Howe­ver, sin­ce the Data Pro­tec­tion Act app­lies to any pro­ces­sing of per­so­nal data, the regu­la­ti­ons also app­ly to pri­va­te indi­vi­du­als and small and medi­um-sized enter­pri­ses (SMEs). This app­lies all the more if you publish or make avail­ab­le per­so­nal data on the Inter­net (home­pages for cele­bra­ti­ons, school clas­ses, clubs, com­pa­ny web­sites, etc.).

By enac­ting the Data Pro­tec­tion Act, Par­li­a­ment inst­ruc­ted the Federal Coun­cil to issue an ordi­nan­ce lay­ing down detail­ed imple­men­ta­ti­on rules. The Federal Coun­cil has com­plied with this with the Data Pro­tec­tion Ordi­nan­ce (VDSG). The­re are also a lar­ge num­ber of regu­la­ti­ons at the inter­na­tio­nal level (e.g. the Daten­schutz Grund­ver­ord­nung (DSGVO) and the Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR)). In the Swiss con­text, the Data Pro­tec­tion Ordi­nan­ce estab­lishes a mul­ti­tu­de of pro­vi­si­ons in addi­ti­on to the Data Pro­tec­tion Act, name­ly on the duty to pro­vi­de infor­ma­ti­on (Art. 8 DSG), on the duty to pro­vi­de infor­ma­ti­on (Art. 14 DSG) or spe­ci­fi­cal­ly on data secu­ri­ty (Art. 7 DSG as well as Art. 8 and 9 VDSG) to name but a few.

As lawy­ers for data pro­tec­tion and infor­ma­ti­on secu­ri­ty, we sup­port you in all pha­ses and at all levels: Be it in the con­text of con­tract nego­tia­ti­ons, the draf­ting of con­trac­ts, regu­la­ti­ons, con­cepts, risk manage­ment sys­tems or the sub­mis­si­on of app­li­ca­ti­ons. In par­ti­cu­lar, we sup­port you in com­ply­ing with the legal regu­la­ti­ons of DSG, VSG or DSGVO etc.. In the event of a dis­pu­te, we rep­re­sent you in pro­cee­dings befo­re the courts, public pro­se­cu­tors' offices or the can­to­nal data pro­tec­tion com­mis­sio­ner or the Federal Data Pro­tec­tion Com­mis­sio­ner (FDPIC).

Data pro­tec­tion offi­cer
To ensu­re that you com­ply with your legal obli­ga­ti­ons and that the pro­ces­sing of per­so­nal data or requests for infor­ma­ti­on is car­ri­ed out cor­rec­t­ly, it makes sen­se to appoint a data pro­tec­tion offi­cer. If this data pro­tec­tion offi­cer is not employ­ed by the com­pa­ny, this is refer­red to as an exter­nal data pro­tec­tion offi­cer. The advan­ta­ges are obvious: As an inde­pen­dent body, you recei­ve an objec­tive assess­ment of the situa­ti­on. We pro­vi­de you with the necessa­ry know-how from a sin­gle source and you can con­cen­tra­te on your busi­ness activi­ties. If you are loo­king for an exter­nal data pro­tec­tion offi­cer, plea­se con­tact us.

Per­so­nal pri­va­cy pro­tec­tion on the Inter­net / Mob­bing
On the Inter­net the­re are very often offen­si­ve state­ments through insults, accu­sa­ti­ons, insults or the publi­ca­ti­on of pho­to­graphs or other images. If pho­to­graphs are published, this usual­ly affec­ts the right to one's own image. Search engi­nes and soci­al plat­forms such as Face­book, Xing, Lin­kedIn, Insta­gram, Tumb­lr etc. store ever­ything they recei­ve; the Inter­net never for­gets. Dele­ting ent­ries, remo­ving images or search results and tracking mali­cious Inter­net users is often dif­fi­cult becau­se the necessa­ry know-how is lacking. The Inter­net seems to be a legal vacu­um today. But this is not the case.

If your per­so­na­li­ty is hurt on the Inter­net, we help you to defend yours­elf against it. In ever­y­day life, cyber­bul­ly­ing, slan­der and defa­ma­ti­on on the Inter­net, black­mail with inti­ma­te data (e.g. pic­tures or vide­os) and iden­ti­ty theft occur in this area. If you are not sure about the risks you face when publi­shing on the Inter­net or other media, or what pos­si­bi­li­ties exist to defend yours­elf, we can give you an assess­ment.