Data Privacy Representations

Data protection law applies in principle in the jurisdiction defined in each case: for the GDPR these are the EU member states, for the revDSG1 it is Switzerland. In order to enable the enforcement of these laws, market participants (companies, associations, federations) without an establishment in the jurisdiction in which they offer goods or services or monitor the behaviour of natural persons (e.g. tracking cookies) must set up a data privacy representation. This essentially serves as a contact point for data subjects and a contact point for supervisory authorities.
1 The revDSG replaces the Swiss Data Protection Act (DSG), which dates back to 1993. The revDSG has been passed by parliament and is expected to enter into force in early /
  mid 2022.

Legal basis
  • Data Privacy Representation in the EU (Art. 27 GDPR)
    The GDPR applies to the processing of personal data of data subjects located in the EU by a controller or processor not established in the EU where the data processing is in connection with
    • offering goods or services to data subjects in the EU, irrespective of whether payment is to be made by those data subjects 
    • monitor the conduct of data subjects to the extent that their conduct takes place in the EU.
  • Data Privacy Representation in Switzerland (Art. 14 revDSG)
    Private data controllers domiciled or resident abroad must designate a representation in Switzerland if they process personal data in Switzerland and one of the following conditions is met:
    • the data processing is related to offering goods or services in Switzerland or to monitoring the behaviour of these persons
    • the processing is extensive
    • the processing is carried out on a regular basis
    • the processing involves a high risk to the personality of the data subjects.


For further details, please see the price list.