GDPR as an ongoing compliance challenge
The European General Data Protection Regulation (GDPR) came into force on 25 May 2018 and introduced significant obligations for organisations processing personal data of EU citizens, regardless of where they are established. Due to their international activities, cross-border interactions and use of digital platforms, many Swiss-based organisations are directly subject to GDPR requirements.
GDPR compliance is not a one-off exercise. It requires a structured, documented and continuously monitored approach to data protection, governance and security. RSM Switzerland supports organisations in understanding their obligations and implementing pragmatic and sustainable GDPR compliance frameworks.
A pragmatic approach tailored to Swiss SMEs and mid-market organisations
Swiss SMEs and mid-market organisations face specific GDPR challenges. While they are often subject to the same regulatory requirements as larger groups, they must address them with proportionate resources, pragmatic governance and limited internal capacity.
RSM Switzerland supports Swiss-based organisations in implementing GDPR compliance approaches that are realistic, risk-based and adapted to their size, structure and international exposure. Our focus is on delivering effective compliance without unnecessary complexity, ensuring that data protection requirements are embedded into daily operations and aligned with broader risk management and information security frameworks.
GDPR readiness and initial assessment
A successful GDPR journey starts with a clear understanding of how personal data is processed within the organisation. RSM Switzerland supports organisations through targeted GDPR flash diagnoses, designed to quickly assess exposure and priorities.
This initial phase typically includes:
- Evaluation of the organisation’s sensitivity to GDPR requirements;
- Identification of main personal data processing activities;
- Definition of initial compliance actions to be implemented.
This structured assessment provides a clear starting point and supports informed decision-making.
GDPR compliance implementation and support
Based on the initial assessment, RSM Switzerland supports organisations throughout the implementation of GDPR compliance measures. Our approach focuses on translating regulatory requirements into practical and proportionate actions.
Our GDPR compliance services include:
- Awareness and training of employees;
- Preparation and maintenance of records of processing activities;
- Assessment of the compliance of identified processing activities;
- Formalisation of a detailed GDPR compliance roadmap;
- Drafting and updating privacy policies, rights management procedures and breach notification processes.
Outsourced Data Protection Officer (DPO) and operational support
Depending on their size and activities, organisations may be required to appoint a Data Protection Officer (DPO) or ensure equivalent expertise. RSM Switzerland provides outsourced DPO services or supports internal DPOs in fulfilling their responsibilities.
This includes:
- Management and follow-up of the GDPR compliance plan;
- Handling data subject rights requests;
- Support in managing personal data breaches and security incidents;
- Assessment of GDPR compliance of service providers and third parties;
- Support in internal communication and ongoing GDPR awareness.
Data protection governance, reporting and security
Effective GDPR compliance relies on strong governance, documentation and reporting. RSM Switzerland supports organisations in setting up dashboards and reporting tools to monitor compliance status and key risks.
We also support organisations in strengthening data protection through IT security assessments, including evaluations based on recognised standards such as ISO 27001 and the implementation of Information Security Management Systems (ISMS). This ensures that data protection requirements are aligned with broader information security and risk management frameworks.
By combining regulatory expertise, pragmatic implementation and strong governance, RSM Switzerland helps organisations achieve and maintain GDPR compliance while supporting operational efficiency and trust.