What is, and which organizations have to appoint a DPO?
A Data Protection Officer (DPO) is a person in charge of verifying the compliance of the personal data processing with the applicable law. The DPO communicates information on processing personal data such as its: purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.
There is no obligation to appoint a DPO in Switzerland. However, to comply with the data protection regulations, it is highly recommended to appoint a DPO under Swiss law. Moreover, if an organization wants to be exempted from the requirement to notify the data collection to the Federal Data Protection and Information Commissioner (FDPIC) under the current data protection legislation, it has to appoint a DPO and inform the FDPIC that a DPO has been appointed. In this case, the registration requirement to the FDPIC may not apply. The main responsibility of the DPO is to monitor internal compliance with data protection regulations and maintain a list of the data files.