Incentive

When the revised data privacy act came into force on 1 January 2008, it created room for data protection certification processes. Conducted by entirely private certification bodies, they are conducive to the improvement of data protection and data security. With the new Data Protection Act coming into force on 1 September 2023, the ordinance issued specifically for this purpose, the VDSZ (SR 235.13), including the FDPIC's guidelines on the minimum requirements for a management system, was also revised.

Outcome

An efficient data protection management system is an adequate basis for meeting the required standards in relation to the safe administration of personal data and effective conformity with data privacy law and basic legislation, including appropriate levels of information security. The certificate helps to promote a good image and inspires trust in business partners, consumers, local authorities and public bodies. A certification process can be carried out by SQS which is duly accredited (for VDSZ/DPCO).

Target groups

The VDSZ certificate can be obtained by all organisations (companies, institutions and public authorities) which process personal data as defined by data protection legislation.

Validity

3 years - there is an annual audit to ensure that standards are being maintained and a recertification audit every 3 years.

Recognition

The SQS certificate of conformity with VDSZ has national recognition.

Combinations

VDSZ/DPCO can be combined with ISO 9001 (quality management), ISO/IEC 27001 (information security management) and GoodPriv@cy (data protection).