• GDPR Switzerland

FATCA Sponsor &
GDPR in short

The General Data Protection Regulation (DGPS) entered into force on 25 May. The Regulation is a set of rules on the protection of personal data that have two main objectives: to give European citizens full control over their personal data and to simplify the regulatory framework for companies that manage such data. The GDPR rules protect the data of European citizens and apply to all companies that process or manage such data, regardless of the country in which they have their registered office or the place where the data are processed. Companies that offer goods or services (whether or not they are paid for) or that monitor the behaviour of EU residents are subject to the GDPR.

Personal Data Protection

The impact is greater than we think, because the GDPR concerns companies that manage all types of personal data - from information about their employees to customer profiling for third parties. In addition, it introduces economic fines for companies that do not comply with the regulations, which can reach up to 4% of the overall annual turnover or €20 million. A company is liable to sanctions if, for example, it does not have adequate policies on consent to the processing of personal data or if it violates the principles underlying the concept of "Privacy by Design". Among the obligations to be taken into account are a clear request for consent (Article 7), the establishment of a data processing register (Article 30), the notification of data breaches within 72 hours (Article 33), the appointment of a "Data Protection Officer" (Article 37) and the establishment of a procedure enabling the data subject to easily exercise his rights (Articles 15-22).


In this context, Geneva Compliance Group (GCG) offers Swiss companies that collect and process personal data from European Union nationals to assist them in reviewing, implementing and updating their regulatory framework and IT infrastructure in terms of security, transparency and portability. GCG offers consulting services for the drafting of a new set of data protection documents for your organization - such as a new privacy notice and internal privacy policy to ensure legal and operational compliance with the RDPP -, the establishment of new IT security best practices and employee training. In addition, GCG can act as an external data protection delegate for companies that prefer to outsource the role in order to guarantee the principle of impartiality and avoid possible conflicts of interest.


Geneva Compliance Group uses a state of the art IT solution constructed on an ISO 27001 compliant infrastructure along with strong authentication and encrypted communication.