Jusletter IT

Back to issue
Data Protection

Towards GDPR Compliance as a Best Practice: a Primer for Swiss SMEs

  • Category: Articles
  • Region: Switzerland
  • Field of law: Data Protection
  • Citation: Philippe Gilliéron, Towards GDPR Compliance as a Best Practice: a Primer for Swiss SMEs, in: Jusletter IT 26 September 2018
  • Over the last years, privacy concerns have significantly increased, and the recent adoption of the GDPR in May 2018 coupled with the Cambridge Analytica scandal now give cold sweats to most companies. SMEs are struggling to find their way in a field they have little understanding of (if any), and find it hard to know where to start from. This paper aims at providing them some basic information and checklist to start building a privacy management program without incurring significant expenditures or being a privacy expert.


    • I. Introduction
    • II. Footprint towards the Setting up of Privacy Management within SME
      • A. Data Mapping
        • 1. Mapping
        • 2. Privacy Impact Assessments
      • B. Privacy Policy and Notices
        • 1. Policies and Notices
        • 2. Lawful Basis for Processing
      • C. Vendor Management
        • 1. Agreements in Place
        • 2. Future Agreements
      • D. Data Breach Response Plan
      • E. Maintain Procedures for Inquiries and Complaints
      • F. Training
      • G. Need for a Data Protection Officer?
    • III. Conclusion
    Download PDF