Data Protection Officer pension fund
Our expertise: Data protection for pension funds
Registered pension funds operating in both the mandatory and non-mandatory areas are subject to the data protection provisions for federal bodies and must appoint a Data Protection Officer under Art. 25 of the Data Protection Ordinance.
As external Data Protection Officer, the team at OBSECOM GmbH is your point of contact for data protection issues relating to your pension fund. We do not limit ourselves to checklists and questionnaires. With our legal background and many years of experience as Data Protection Officers for Switzerland, we provide your pension fund with comprehensive, personalised advice and propose practical solutions to ensure that your processing of personal data complies with the Swiss Federal Act on Data Protection (FADP). We understand the specific nature of data processing in pension funds and ask the right questions to properly assess the technical and organisational standards required to protect the data entrusted to you.
Our services
As your external Data Protection Officer, we help you create a detailed inventory of the current status of your data protection measures and prepare documentation and templates:
- Creation of a register of processing activities
- Identification of data processing
- Documentation of technical and organisational measures
- Preparation of privacy notices for data subjects (e.g. policyholders, employees, website, etc.)
We assist you with ongoing support by:
- Maintaining the register of processing activities
- Answering data protection questions
- Creating procedures for handling data subject requests, data breaches and privacy impact assessments
- Task management with reminders to review required actions
- Checklists for data protection issues
- Staff training
FLORIAN WUTTKE
Florian Wuttke is your competent contact for questions regarding Data Protection Officers for pension funds. He has many years of experience as a Data Protection Officer in Switzerland.
Request an offer now
We will be happy to make you an offer for the appointment of an external Data Protection Officer for your pension fund. We provide personal, comprehensive and legally compliant advice throughout Switzerland.
More about data protection for pension funds
Frequently asked questions on data protection for pension funds
What are the main obligations of pension funds under the FADP?
Does a pension fund have to appoint a Data Protection Officer?
Does a public cantonal pension fund under public law have to appoint a Data Protection Officer?
What are the duties of a pension fund Data Protection Officer?
What are the advantages of appointing an external Data Protection Officer for pension funds?
What are the penalties for breaching the FADP?
What are the main obligations for pension funds under the FADP?
A pension fund’s data protection obligations include the following:
- Registered pension funds operating in both the mandatory and non-mandatory sectors must appoint a Data Protection Officer and register this officer with the Federal Data Protection and Information Commissioner (FDPIC).
- Data subjects must be fully informed about the purposes of data processing.
- Personal data may only be processed for specified purposes and should be limited to what is necessary.
- A register of processing activities must be kept and published on the FDPIC’s website.
- Pension funds must protect the privacy rights of data subjects.
- Requests from data subjects must be answered within a specified period of time.
- Personal data must be protected against loss and unauthorized disclosure by appropriate technical and organizational measures.
- Employees must be sensitized to the use of IT.
Does a pension fund have to appoint a Data Protection Officer?
Enveloping (registered) pension funds that are active in both the mandatory and non-mandatory areas are subject to the data protection provisions for federal bodies and must appoint a data protection advisor in accordance with Art. 25 of the Data Protection Ordinance. The appointment of a Data Protection Officer is only optional if the pension fund’s data processing can be allocated exclusively to the non-mandatory area.
Does a cantonal pension fund under public law have to appoint a Data Protection Officer?
A cantonal pension fund under public law is neither a private person nor a federal body. The FADP is therefore not applicable. As public institutions of the canton, these pension funds are subject to the respective cantonal data protection laws. The data protection laws of the cantons of Fribourg, Lucerne and Obwalden contain provisions on the appointment of Data Protection Officers or data protection contact persons. An obligation for cantonal pension funds to appoint such a person must therefore be examined on a case-by-case basis. However, since pension funds regularly process sensitive personal data, it is recommended that a data protection organization be set up to ensure that all legal requirements are met.
What are the tasks of a pension fund’s Data Protection Officer?
The Data Protection Officer of a pension fund performs a variety of tasks to ensure the protection of personal data and compliance with data protection laws. The Data Protection Officer is the point of contact for data subjects and authorities, and trains and advises pension fund employees on data protection issues. The officer is involved in the application of data protection laws and assesses the risks associated with the processing of personal data. The officer also advises on the preparation of privacy impact assessments and reviews their implementation, and recommends corrective action if a privacy violation is identified. The officer reviews data processing agreements and checks whether existing policies, procedures and privacy statements need to be updated to comply with legal requirements. As an external Data Protection Officer, OBSECOM also maintains the register of processing activities and supports the pension fund in setting up a data protection organization and in responding to inquiries from data subjects, such as requests for information. OBSECOM also assists in the management of data breaches.
What are the advantages of appointing an external Data Protection Officer for pension funds?
Appointing an external Data Protection Officer offers many benefits to pension funds. External officers bring an unbiased perspective and can evaluate data protection practices neutrally. The consultants of OBSECOM have specialized knowledge and many years of experience in data protection law and provide high-quality advice. External Data Protection Officers have certified and well-founded expertise. They are always up to date on the latest developments in data protection law. The company’s liability risk is easier to manage with an external Data Protection Officer. External DPOs also enjoy special protection against dismissal. Termination of the mandate is regulated by contract. The cost of the external service should be compared with the cost of the salary, training and development of an internal Data Protection Officer.
What are the penalties for violating the FADP?
The willful disregard of certain data protection obligations can be prosecuted under the FADP and punished with a fine of up to CHF 250,000. The fines are directed at the persons responsible (for example, members of the board of directors or management). According to Art. 60 FADP, the intentional provision of false or incomplete information to data subjects may be penalized. Also, under Art. 61 FADP, individuals are liable for the unauthorized disclosure of personal data and for failure to comply with the minimum technical and organizational security requirements. Examples are the intentional disclosure of personal data to data processors without having fulfilled the requirements of Art. 9 FADP, and the deliberate disregard of the minimum technical and organizational requirements.