Data Privacy Representations

Data protection law applies in principle in the jurisdiction defined in each case: for the GDPR these are the EU member states, for the nDSG1 it is Switzerland. In order to enable the enforcement of these laws, market participants (companies, associations, federations) without an establishment in the jurisdiction in which they offer goods or services or monitor the behaviour of natural persons (e.g. tracking cookies) must set up a data privacy representation. This essentially serves as a contact point for data subjects and a contact point for supervisory authorities.
1 The nDSG replaces the Swiss Data Protection Act (DSG), which dates back to 1993. → Data Protection in Switzerland

Legal basis
  • Data Privacy Representation in the EU (Art. 27 GDPR)
    The GDPR applies to the processing of personal data of data subjects located in the EU by a controller or processor not established in the EU where the data processing is in connection with
    • offering goods or services to data subjects in the EU, irrespective of whether payment is to be made by those data subjects 
    • monitor the conduct of data subjects to the extent that their conduct takes place in the EU.
  • Data Privacy Representation in Switzerland (Art. 14 revDSG)
    Private data controllers domiciled or resident abroad must designate a representation in Switzerland if they process personal data in Switzerland and one of the following conditions is met:
    • the data processing is related to offering goods or services in Switzerland or to monitoring the behaviour of these persons
    • the processing is extensive
    • the processing is carried out on a regular basis
    • the processing involves a high risk to the personality of the data subjects.



Data protection representations in the EU and Switzerland are almost identical: both act as contact points for data subjects and supervisory authorities and both are organised as mandates, i.e. they work according to the specifications of the respective client (data controller) and the desired services are agreed upon in advance.

Therefore, the services for data protection representations in the EU and Switzerland are also identical:

  • included in the base fee:
    • provision of our address
    • if desired, we also provide an email address (free of charge)
    • Provision of the customer's (data controller's) processing directory; provided by the customer
    • Provision of professionally qualified data protection experts
    • Online access to the fccDataPrivacy data protection representations module
  • all other activities are charged by the minute according to time spent, e.g:
    • Forwarding of requests (electronically or by letter post)
    • Verification of data subject requests
    • Information on the rights of data subjects in the event of corresponding enquiries
    • Communication with the competent supervisory authorities
    • and much more.

The services do not constitute legal advice.



For further details, please see the price list.