awsmtech.ch

Compliance Checklist for Swiss SMEs

Below is a checklist of key steps and practices to help ensure GDPR and nLPD compliance, summarising the discussions above. SMEs can use this as a reference to review their IT and data protection readiness.

Each step below corresponds to an essential aspect of GDPR/nFADP compliance. By following this checklist, SMEs can systematically address their obligations:

• Steps 1–3 set the foundation (responsibility, awareness, and transparency).
• Steps 4–5 focus on security and data management within IT operations.
• Step 6 covers vendor compliance, an often-overlooked area.
• Step 7 readies the organisation for the worst-case scenario of a breach.
• Step 8 ensures individual rights can be respected in practice.
• Steps 9–10 emphasise the human factor and continuous nature of compliance.

Finally, always refer back to authoritative resources for guidance. The official texts – GDPR (EU Regulation 2016/679) and the Swiss nFADP – are primary references (the Swiss FDPIC’s website provides detailed summaries of the new law’s provisions). Regulatory authorities like the European Data Protection Board and national bodies (e.g. the UK ICO or FDPIC) publish guides and FAQs which can be very helpful for SMEs. By staying informed through these sources and following the strategies in this guide, IT professionals and SME managers can confidently steer their organisations toward full compliance with both GDPR and nLPD, thereby protecting their clients’ data and their own business success.
