Navigation auf


Legal Services and Data Protection


What is the GDPR?

The European Union’s General Data Protection Regulation is an EU regulation on data protection that mainly applies in the EU, but also affects Switzerland (both directly and indirectly when drafting new laws).

The full text of the regulation can be accessed here:

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

For whom does the GDPR apply?

The GDPR first applies to the processing of personal data by a person or an organization acting in the EU, irrespective of whether there is data processing.

However, the GDPR can also apply to a person or an organization not acting in the EU (such as UZH). This is possible if the data processing is carried out in connection with

  1. Offering goods or services to data subjects in the EU, irrespective of whether a payment is provided for them (e.g. an online shop that ships to the EU, or a continuing education offering that is explicitly geared to people in the EU as well);
  2. Observing the conduct of data subjects, if their conduct is in the EU (e.g. a website on which the conduct of individual visitors – including people domiciled in the EU – is analyzed using Google Analytics).

Further Information

What does an organization have to do to comply with the EU GDPR?

References of European Commission Europäischen Kommission

FAQs about the basic principles of lawful data processing

Basics of European Commission

Guidelines and recommendations on a number of provisions of the GDPR

Guidelines, Recommendations, Best Practices of European Data Protection Board