Ordinance
on Data Protection
(Data Protection Ordinance, DPO)


Art. 3 Technical and organisational measures

1 In order to guarantee confidentiality, the controller and the processor must take appropriate measures to ensure that:

a. authorised persons only have access to those personal data that they require to fulfil their tasks (data access control);
b. only authorised persons have access to the premises and facilities in which personal data are processed (premises and facilities access control);
c. unauthorised persons are unable to use automated data processing systems by means of data transmission devices (user control).

2 In order to guarantee availability and integrity, the controller and the processor must take appropriate measures to ensure that:

a. unauthorised persons are unable to read, copy, alter, move, delete or destroy data carriers (data carrier control);
b. unauthorised persons are unable to save, read, alter, delete or destroy stored personal data (storage control);
c. unauthorised persons are unable to read, copy, alter, delete or destroy personal data in the event of the disclosure of personal data or when data carriers are being transported (transport control);
d. the availability of personal data and access to them can be rapidly restored in the event of a physical or technical incident (restoration);
e. all functions of the automated data processing system are available (availability), malfunctions are reported (reliability) and stored personal data cannot be damaged by system malfunctions (data integrity);
f. operating systems and application software always meet the latest security standards and known critical vulnerabilities are resolved (system security).

3 In order to guarantee traceability, the controller and the processor must take appropriate measures to ensure that:

a. it can be verified what personal data were entered or altered in the automated data processing system at what time and by which person (entry control);
b. it can be verified to whom personal data are disclosed with the aid of data transmission devices (disclosure control);
c. breaches of data security are recognised rapidly (recognition) and measures are taken to mitigate or eliminate the consequences (elimination).
