Data protection for SMBs and Clubs - it doesn't have to be complex and expensive!
How are you positioned in terms of data protection?
Unfortunately, this is not the case: Data protection is hard work! In addition to the data protection elements already mentioned, data protection policy and cookie banner, there is a need for a lot more, for example:
- A data protection guideline that describes how data protection is handled in your organisation
- An organisational model that shows who is responsible for what in your organisation with regard to data protection
- processing activities that shows which personal data of your members, employees, customers or suppliers (in data protection language these are the data subjects) you process on what legal basis for what purpose and who is responsible for the various processing operations
- Technical and organisational measures describing what is done to prevent unauthorised access to the data from inside and outside the organisation
- processes and measures to adequately support the various data subjects' rights, such as the right of access or deletion
- Regular training of employees on the topics of data protection and data security
- and much more.
This documentation and processes must not only be created for the first time, but must also be lived, i.e. they must be regularly updated or reviewed.
What data protection legislation applies to you?
In principle, local data protection law applies. But that is only half the truth:
If you as a Swiss SME or association also have customers, employees or members in the EU or EEA, you are automatically also subject to the EU GDPR and must also appoint a data protection representation in the EU/EEA area (e.g. a branch). Conversely, and under certain conditions, this also applies to EU/EEA SMEs and associations that have customers, employees or members in Switzerland.
Since the EU has not yet managed to transpose the e-Privacy Directive (also known as the "Cookie Directive") into an EU-wide regulation (and it is not foreseeable when or if this will happen at all), each EU Member State has transposed e-Privacy into local law.
Our answer: fccDataPrivacy for SMBs and Clubs
We have therefore accepted the phrase "data protection is hard work" as a challenge and with fccDataPrivacy we provide a data protection application for SMEs and associations that automates many of the necessary measures, for example:
- we support both the European and Swiss data protection legislations
- we create and maintain processing directories for SaaS applications free of charge
- and much more.
And according to the motto "data protection does not have to be complex and expensive", we have designed our data protection application in such a way that - starting from the small sports club up to data protection professionals - all can map their data protection requirements. And at attractive prices.
fccDataPrivacy for SMBs and Clubs is a hosted standardised data protection platform that supports compliance with European and other data protection legislation through a few simple installation steps - at a predictable and affordable cost.
We provide a solution where:
- the legal data protection requirements are covered
the requirements of the EU-GDPR, EU ePrivacy Directive (Cookie Directive), the Swiss Data Protection Act and other international data protection laws are supported
- a high degree of automation is implemented
fccDataPrivacy is not an empty shell, but provides many necessary data protection elements ready-to-use, e.g.:
- Processing activities of SaaS products are provided free of charge and also maintained (e.g. in the case of release changes)
- Changes in the law are automatically incorporated into the data protection statement
- Many documents are automatically generated based on customer data and the processing activities
- the mandatory regular training for employees is already included
Customers have access to introductory training on Data Privacy in the form of online courses. Participation is recorded in order to comply with the legally prescribed obligation to provide proof of training
- the scope of services also includes vulnerability analyses
IT security is a process - vulnerability management provides the basis. Only those who know their weak points can implement security measures in a targeted manner. We provide the tools that we use ourselves
- all relevant information is accessible in a clear and secure portal
The customer portal provides all the information necessary for daily operations in a clear manner and all changes are traceable (audit trail)
- have an optimal price/performance ratio
Data Protection Readiness for Associations is already available for CHF 107.00 per year (excluding VAT and installation fee).