It is important to have clear and precise data protection contracts that define the obligations and responsibilities of the parties involved in the collection, storage, processing and protection of personal data. For example, a contract may include clauses on:
- the use of personal data
- communications with third parties or with actors outside Switzerland
- supporting measures (requests from data subjects, etc.)
- security measures and reporting of breaches
- the return of data
- the description of monitoring and auditing processes