{"id":1363,"date":"2023-07-14T08:47:05","date_gmt":"2023-07-14T06:47:05","guid":{"rendered":"https:\/\/moorlaw.digicube.dev\/rechtsgebiet\/documentation-obligations\/"},"modified":"2023-11-18T12:31:31","modified_gmt":"2023-11-18T11:31:31","slug":"documentation-obligations","status":"publish","type":"rechtsgebiet","link":"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/documentation-obligations\/","title":{"rendered":"Data protection Documentation Obligations"},"content":{"rendered":"\n<p>The revised data protection law prescribes documentation obligations for companies. It may be advisable to create and maintain certain documentation even if not explicitly required. Documentation facilitates compliance and monitoring of obligations.<\/p>\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Document<\/strong><\/td><td><strong>Up to 250 employees *<\/strong><\/td><td><strong>Up to 250 employees **<\/strong><\/td><td><strong>More than 250 employees *<\/strong><\/td><td><strong>More than 250 employees **<\/strong><\/td><\/tr><tr><td>Register of Processing Activities (Art. 12 nDSG)<\/td><td>Generally mandatory, exception possible for SMEs<\/td><td>mandatory, exception possible for SMEs<\/td><td>Mandatory<\/td><td>Mandatory<\/td><\/tr><tr><td>Inventory of Applications<\/td><td>Recommended<\/td><td>Recommended<\/td><td>Recommended<\/td><td>Recommended<\/td><\/tr><tr><td>Internal Data Protection Policies<\/td><td>Recommended<\/td><td>Recommended<\/td><td>Recommended<\/td><td>Recommended<\/td><\/tr><tr><td>Information for Employees (Art. 6 u. 19 nDSG; art. 328b CO)<\/td><td>Mandatory<\/td><td>Mandatory<\/td><td>Mandatory<\/td><td>Mandatory<\/td><\/tr><tr><td>Privacy Policy for Website (Art. 6 u. 19 nDSG)<\/td><td>Mandatory<\/td><td>Mandatory<\/td><td>Mandatory<\/td><td>Mandatory<\/td><\/tr><tr><td>Process for Data Subject Rights (Art. 28 nDSG; Art. 16 ff. nDSV)<\/td><td>Recommended<\/td><td>Mandatory<\/td><td>Recommended<\/td><td>Mandatory<\/td><\/tr><tr><td>Documentation of Data Security Measures (Art. 8 nDSG; Art. 1 ff. nDSV)<\/td><td>Recommended<\/td><td>Recommended<\/td><td>Recommended<\/td><td>Recommended<\/td><\/tr><tr><td>Guidelines for Data Security Breaches (Art. 24 DSG, Art. 15 nDSV)<\/td><td>Recommended<\/td><td>Mandatory<\/td><td>Mandatory<\/td><td>Mandatory<\/td><\/tr><tr><td>Data Protection Impact Assessment (Art. 22 nDSG)<\/td><td>Recommended<\/td><td>Mandatory<\/td><td>Recommended<\/td><td>Mandatory<\/td><\/tr><tr><td>Agreements with Data Processors<\/td><td>Mandatory<\/td><td>Mandatory<\/td><td>Mandatory<\/td><td>Mandatory<\/td><\/tr><tr><td>Access Logs (Art. 8 nDSG; Art. 4 nDSV)<\/td><td>\u2013<\/td><td>***<\/td><td>\u2013<\/td><td>***<\/td><\/tr><\/tbody><\/table><\/figure>\n\n<p>Legend:<\/p>\n\n<p>PD = Personal Data<\/p>\n\n<p>* No processing of particularly sensitive PD<\/p>\n\n<p>** Processing of particularly sensitive PD<\/p>\n\n<p>*** Mandatory if processing a large volume of particularly sensitive personal data in an automated manner or conducting high-risk profiling, and data protection cannot be ensured through preventive measures.<\/p>\n\n<hr class=\"wp-block-separator has-text-color has-accent-color has-alpha-channel-opacity has-accent-background-color has-background\"\/>\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\"><div class=\"gb-container gb-container-98a7c598\">\n<div class=\"gb-container gb-container-11a0998e\">\n\n<p><strong>Services<\/strong><\/p>\n\n\n\r\n<section id=\"digicube-block-653b8880876e9\"  class=\"chooseposttype-wrap\" >\r\n    <ul class=\"cpt-posts\">\r\n                   <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/service\/legal-services-for-corporates\/\">Legal Services for Corporates<\/a>\r\n                <\/li>\r\n                   <\/ul>\r\n<\/section> \n<\/div>\n\n<div class=\"gb-container gb-container-25f5bccc\">\n\n<p><strong><strong>Further reading<\/strong><\/strong><\/p>\n\n\n\r\n<section id=\"digicube-block-653b888087772\"  class=\"chooseposttype-wrap\" >\r\n    <ul class=\"cpt-posts\">\r\n                   <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/what-should-smes-do\/\">What should SMEs do?<\/a>\r\n                <\/li>\r\n                              <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/new-swiss-data-protection-law\/\">New Swiss Data Protection Law<\/a>\r\n                <\/li>\r\n                              <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/data-protection-register-of-processing-activities\/\">Data Protection Register of Processing Activities<\/a>\r\n                <\/li>\r\n                              <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/data-protection-representation-in-switzerland\/\">Data protection representation in Switzerland<\/a>\r\n                <\/li>\r\n                   <\/ul>\r\n<\/section> \n<\/div>\n<\/div><\/div><\/div>\n\n<hr class=\"wp-block-separator has-text-color has-accent-color has-alpha-channel-opacity has-accent-background-color has-background\"\/>\n","protected":false},"excerpt":{"rendered":"<p>The revised data protection law prescribes documentation obligations for companies.<\/p>\n","protected":false},"featured_media":0,"parent":0,"menu_order":23,"template":"","rechtsgebiet-kategorie":[41],"class_list":["post-1363","rechtsgebiet","type-rechtsgebiet","status-publish","hentry","rechtsgebiet-kategorie-data-protection-law"],"acf":[],"_links":{"self":[{"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/rechtsgebiet\/1363","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/rechtsgebiet"}],"about":[{"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/types\/rechtsgebiet"}],"wp:attachment":[{"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/media?parent=1363"}],"wp:term":[{"taxonomy":"rechtsgebiet-kategorie","embeddable":true,"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/rechtsgebiet-kategorie?post=1363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}