Legal

Legally compliant buyer management — What project managers need to know

March 2026 · 10 min read

Most project managers know buyer management involves paperwork. Fewer understand exactly what documentation is legally required, what constitutes a valid digital approval, and what the consequences are when documentation is incomplete. This article covers the essentials.

Why compliance matters in buyer management

Buyer management generates a substantial paper trail: selections, upgrades, change requests, cost adjustments, approvals, and final handover records. In most Swiss residential projects, this documentation will be referenced years after completion — in warranty disputes, in legal proceedings, and in tax or regulatory audits.

The good news is that the legal requirements are clear and manageable. The problem is that manual workflows — email, spreadsheets, WhatsApp — make it extremely difficult to satisfy them consistently across a multi-unit project.

What the revDSG means for you

Switzerland's revised Federal Act on Data Protection (revDSG) has been in force since 1 September 2023. For residential construction project managers, the most relevant obligations are:

  • Data processing basis. Personal data — including buyer names, contact details, financial information, and individual selection preferences — may only be processed where there is a legitimate basis. A purchase contract typically satisfies this, but buyers should be informed of what data is processed and how.
  • Data security. You must implement technical and organisational measures appropriate to the risk. Storing buyer decisions in unencrypted spreadsheets on a shared network drive does not meet this standard.
  • Data retention and deletion. Data must not be kept longer than necessary for its purpose. At the same time, construction law may require you to retain documentation for a significant period after handover — typically 5 years for contractual claims, 10 years for structural defects under the Swiss Code of Obligations.
  • Data processor agreements. If you use a cloud platform to manage buyer data, you need a valid data processing agreement with the provider, and the data must be stored in Switzerland or in a jurisdiction with equivalent protection standards.

What constitutes a valid digital approval

A buyer's approval of a material selection, a cost upgrade, or a change to scope has legal significance. For it to be enforceable, it must meet certain criteria:

  • Identity of the approver. The record must clearly identify who gave the approval. An email from a verified address is acceptable; a click by an anonymous user is not.
  • What was approved. The approval must be linked to a specific, unambiguous version of the item — the exact product, colour, specification, and, where relevant, the associated cost impact.
  • Timestamp. The approval must be timestamped in a way that can be verified and is tamper-resistant.
  • Version control. If a buyer revises a decision, the original approval and the revision must both be recorded, with a clear record of which supersedes which.

A simple email chain can satisfy most of these criteria in principle, but becomes unmanageable across a large project. A structured digital workflow makes it systematic.

The risk of incomplete documentation at handover

Documentation failures at handover are more common than the industry acknowledges. Typical scenarios:

  • A buyer disputes a tile selection, claiming they approved a different product. The project manager cannot produce a signed record of the correct approval.
  • An additional cost is disputed at final settlement. The project manager cannot show the buyer expressly approved the cost increase at the time the decision was made.
  • A supplier installs incorrect fittings. The briefing document sent to the supplier did not include the confirmed specification, and there is no record of who created the briefing or which version of the buyer's selection it was based on.

In each case, the project manager and the general contractor are exposed. In the absence of documentation, Swiss courts tend to resolve disputes in favour of the buyer.

A practical compliance checklist

Use this checklist to assess your current process:

  • Every buyer selection is recorded in a system that timestamps the entry and identifies the user who made it
  • Every approval is stored as a retrievable record linked to the exact version of the item approved
  • Change requests are documented separately from original approvals, with a clear trail of versions
  • Cost impact notifications are sent to buyers in writing (email or platform message) before the cost is incurred
  • Supplier briefings reference a specific, versioned approved selection — not a manually transcribed summary
  • At handover, a complete selection and approval record can be produced for each unit within one working day
  • Buyer data is stored in a GDPR/revDSG-compliant environment with an active data processing agreement
  • Documentation is retained in a secure, accessible archive for at least 10 years after handover

The simplest way to meet all requirements

The most reliable way to satisfy all of these requirements is a purpose-built buyer management platform that handles the documentation layer automatically — so project managers can focus on managing projects rather than creating paper trails. Look for a platform that produces a complete audit trail at every stage, generates supplier briefings directly from approved selections, and stores all data in a compliant Swiss hosting environment.

See how oneLynk handles compliance automatically

Every approval, every version, every briefing — documented and retrievable without extra effort from your team.

Request demo More articles