# Compliance

GDPR, accessibility, security — we help you get compliant with our partner A-Track.

## What we offer

- Complete GDPR/nLPD Audit
- Technical Compliance
- Cookie management and consent
- Team Training
- Record of Processing Activities
- Certified A-Track Partner

## Compliance is no longer an option

Since the entry into force of the nLPD in Switzerland, data protection is no longer an option — it is a legal obligation. Yet, a large majority of Swiss SMEs are still not compliant.

Compliance is not just putting a cookie banner on your site. It is **protecting your users**, **securing your business**, and **showing your seriousness** to your clients and partners.

At Mermio, we support you with our partner **A-Track**, an expert in digital compliance — for a complete, understandable, and sustainable compliance process.

## What we do for you

### GDPR / nLPD Compliance Audit

Identification of collected data, legal bases, data flows.

### Technical Compliance

Cookie management, consent, anonymization, processing register.

### Training for your team

Best practices, handling access requests, conduct in case of an incident.

## What you get

After the intervention, you leave with a technically compliant site, an updated processing register, and a trained team — without incomprehensible legal jargon. We explain what we do, why, and how to remain compliant over time.

## Integrated tools, no need to search yourself

And to go further: **all the necessary tools for your compliance are included in our service**. No need to search, compare, or subscribe yourself — we integrate and configure proven solutions for you like **Cookie-Script** for consent management and **Stape.io** for privacy-respecting tracking.

[Start a project](https://www.mermio.ch/en/contact)

## FAQ

**Q: What is the nLPD and does it concern me?**
A: The **nLPD** (new Federal Data Protection Act) is the Swiss law that regulates the collection and processing of personal data. It came into effect on September 1, 2023, and applies to any Swiss company that collects data — including through a simple contact form or an analysis tool like Google Analytics.

**Q: What is the difference between nLPD and GDPR?**
A: The nLPD is the Swiss law, the GDPR is the European regulation. If you process data of individuals in Switzerland, the nLPD applies. If you also have clients in the EU, the GDPR adds on. Our audit covers **both regulatory frameworks** so that you are compliant no matter your market.

**Q: I already have a cookie banner, is that enough?**
A: A cookie banner is a start, but it's only a visible part of compliance. You also need a **record of processing**, an updated privacy policy, proper consent management, and internal processes to respond to access requests. Our service covers all of these aspects.

**Q: Who conducts the compliance audit?**
A: We work with **A-Track**, a certified expert in digital compliance. They are our trusted partner for audits, technical compliance, and training. This collaboration allows us to provide you with comprehensive support, from diagnosis to implementation.

**Q: Are compliance tools included in the service?**
A: Yes. We integrate and configure proven tools for you such as **Cookie-Script** for consent management and **Stape.io** for privacy-friendly tracking. Everything is included in the service — no need to search for or subscribe yourself.

**Q: Will my team be trained after compliance?**
A: Yes. Compliance does not stop at implementation. Your team receives **training on best practices**: managing data access requests, actions to take in case of an incident, and daily habits to adopt. The goal is for you to remain compliant over the long term, independently.