{"id":1358,"date":"2023-07-14T08:52:09","date_gmt":"2023-07-14T06:52:09","guid":{"rendered":"https:\/\/moorlaw.digicube.dev\/rechtsgebiet\/what-should-smes-do\/implementation-of-data-protection-measures\/"},"modified":"2023-11-18T12:30:37","modified_gmt":"2023-11-18T11:30:37","slug":"implementation-of-data-protection-measures","status":"publish","type":"rechtsgebiet","link":"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/what-should-smes-do\/implementation-of-data-protection-measures\/","title":{"rendered":"Implementation of Data Protection Measures"},"content":{"rendered":"\n<p>Based on the identified measures, the existing documents (privacy policy, contracts, etc.) need to be reviewed and updated if necessary. Missing documents should be created, and responsibilities and processes should be defined as needed.<\/p>\n\n<p>The specific documents, policies, and processes to be created or defined depend on the circumstances of each individual case and may include:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Updating the privacy policy on the website<\/li>\n\n\n\n<li>Creating missing documents\n<ul class=\"wp-block-list\">\n<li>Privacy policy for customers and other contractual partners<\/li>\n\n\n\n<li>Privacy policy for employees, and possibly also for job applicants<\/li>\n\n\n\n<li>Record of processing activities (exemption possible for SMEs, but recommended)<\/li>\n\n\n\n<li>Application inventory (exemption possible for SMEs, but recommended)<\/li>\n\n\n\n<li>Data protection impact assessment for high-risk processing<\/li>\n\n\n\n<li>Agreements with data processors<\/li>\n\n\n\n<li>Updating terms and conditions<\/li>\n\n\n\n<li>Updating contracts<\/li>\n\n\n\n<li>Optionally, a record of data protection incidents<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Defining processes and policies\n<ul class=\"wp-block-list\">\n<li>Internal Data Protection Policies<\/li>\n\n\n\n<li>Process for handling requests from data subjects<\/li>\n\n\n\n<li>Documentation of measures for data security protection<\/li>\n\n\n\n<li>Procedures for addressing data security breaches<\/li>\n\n\n\n<li>Data retention periods and deletion<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Processes and policies for ICT, cloud services, and marketing\n<ul class=\"wp-block-list\">\n<li>Adjusting systems or procuring new systems that are compliant<\/li>\n\n\n\n<li>Security policies for IT systems<\/li>\n\n\n\n<li>Data processing agreements (cloud services, marketing)<\/li>\n\n\n\n<li>Data transfers to foreign countries (secure\/insecure countries)<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Compliance and risk assessments<\/li>\n\n\n\n<li>Employee training<\/li>\n<\/ul>\n\n<hr class=\"wp-block-separator has-text-color has-accent-color has-alpha-channel-opacity has-accent-background-color has-background\"\/>\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\"><div class=\"gb-container gb-container-98a7c598\">\n<div class=\"gb-container gb-container-11a0998e\">\n\n<p><strong>Services<\/strong><\/p>\n\n\n\r\n<section id=\"digicube-block-653b8880876e9\"  class=\"chooseposttype-wrap\" >\r\n    <ul class=\"cpt-posts\">\r\n                   <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/service\/legal-services-for-corporates\/\">Legal Services for Corporates<\/a>\r\n                <\/li>\r\n                   <\/ul>\r\n<\/section> \n<\/div>\n\n<div class=\"gb-container gb-container-25f5bccc\">\n\n<p><strong><strong>Further reading<\/strong><\/strong><\/p>\n\n\n\r\n<section id=\"digicube-block-653b888087772\"  class=\"chooseposttype-wrap\" >\r\n    <ul class=\"cpt-posts\">\r\n                   <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/what-should-smes-do\/\">What should SMEs do?<\/a>\r\n                <\/li>\r\n                              <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/new-swiss-data-protection-law\/\">New Swiss Data Protection Law<\/a>\r\n                <\/li>\r\n                              <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/documentation-obligations\/\">Data protection Documentation Obligations<\/a>\r\n                <\/li>\r\n                              <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/data-protection-register-of-processing-activities\/\">Data Protection Register of Processing Activities<\/a>\r\n                <\/li>\r\n                              <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/data-protection-representation-in-switzerland\/\">Data protection representation in Switzerland<\/a>\r\n                <\/li>\r\n                   <\/ul>\r\n<\/section> \n<\/div>\n<\/div><\/div><\/div>\n\n<hr class=\"wp-block-separator has-text-color has-accent-color has-alpha-channel-opacity has-accent-background-color has-background\"\/>\n","protected":false},"excerpt":{"rendered":"<p>implement identified data protection measures<\/p>\n","protected":false},"featured_media":0,"parent":1359,"menu_order":21,"template":"","rechtsgebiet-kategorie":[41],"class_list":["post-1358","rechtsgebiet","type-rechtsgebiet","status-publish","hentry","rechtsgebiet-kategorie-data-protection-law"],"acf":[],"_links":{"self":[{"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/rechtsgebiet\/1358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/rechtsgebiet"}],"about":[{"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/types\/rechtsgebiet"}],"up":[{"embeddable":true,"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/rechtsgebiet\/1359"}],"wp:attachment":[{"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/media?parent=1358"}],"wp:term":[{"taxonomy":"rechtsgebiet-kategorie","embeddable":true,"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/rechtsgebiet-kategorie?post=1358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}