fccDataPrivacy is essentially based on the following principles:

  • Legal basis
    • GDPR (EU General Data Protection Regulation)
    • nDSG (the revised Swiss Data Protection Act)

  • Standards
    In addition to the well-known standards such as BSI-Grundschutz or ISO 27001 in the area of information security, a new group of standards has been established especially for the SME sector, which substantially reduces the rather high planning and implementation costs of BSI-Grundschutz and ISO 27001.

    • VdS 10000 (Edition 2018-12)
      VdS 10000 describes the implementation of an information security management system. It can be seen as the "little sister" of ISO 27001: with 20% of the effort required, 80% of the security level of ISO 27001 can be achieved (statement by VdS).
      And anyone who still wants to switch to ISO 27001 at a later date can do so on the basis of the work already done on VdS 10000 

    • VdS 10010 (2017-12 edition)
      VdS 10010 describes guidelines for the implementation of the GDPR. With the compact guide, which is specially tailored to small and medium-sized enterprises, the legal, organisational and technical requirements of the GDPR can be implemented in a clearly structured manner and with manageable effort  

      Also important: a certification process exists for both standards.

      fccDataPrivacy is essentially based on the VdS standards VdS 10000 (information security) and VdS 10010 (data protection).

  • Relevant technical literature.