We expect the new Swiss Data Protection Act to come into force in mid-2022. The revised data protection law is necessary because the last version is over 30 years old. In the present day, electronic data collection plays a key role, so a reorientation seems essential at this point, also given the European General Data Protection Regulation (GDPR). Here you can read in compact form what companies should do now and what distinguishes the new Swiss Data Protection Act and the GDPR.
Update: What is the Revised Swiss Data Protection Act about?
The new Swiss Data Protection Act aims to protect natural persons’ fundamental rights and personalities. Through more transparency, the so-called informational self-determination is being promoted. On the other hand, the data of legal entities are no longer protected.
What do Companies need to do regarding the new Swiss Data Protection Act?
Because of the short time remaining, we urgently recommend that companies in Switzerland deal with the new data protection law. A situation analysis and a risk analysis are required to identify your specific need for action regarding your business model.
Which Companies are primarily affected by the new Swiss Data Protection Act?
There is an acute need for action, particularly for companies that collect large amounts of personal data (e.g., in online trading) or have a large customer base. Companies that collect personal data worthy of protection concerning Article 5 revised FADP are directly affected, including personal data on health, profiling, political or religious opinions, and others. In the areas mentioned above, the new Swiss data protection law increases the risk of violating personal rights, which means that companies could face severe penalties of up to CHF 250’000. In any case, companies should take the new law as an opportunity to revise their data protection compliance. In the end, the image can only benefit from this.
Differences between EU GDPR and the new Swiss Data Protection Act
If you compare both data protection laws directly, you will find many parallels. However, there are also apparent differences, with the Swiss FADP regulatory content not being as specific as the GDPR.
The Swiss data protection law tends to be less strict. Exceptions confirm the rule, as is well known, so the following differences, particularly, come into focus for companies. Regarding the information obligation for collecting personal data, the definition of personal data requiring special protection, and the definition of the material scope of application, the new Swiss FADP goes beyond the EU’s General Data Protection Regulation. A significant difference, which is quite crucial for companies, is that the Swiss data protection act generally permits data processing in the private sector. Justification grounds are much more limited in Swiss law. According to the GDPR, the processing of personal data is prohibited unless there is a justification reason with consent. Here, the GDPR defines significantly higher hurdles for companies.
Conclusion: Check the need for action in your company now!
In summary, the following challenges arise for companies as a result of the Swiss Data Protection Act 2022:
- Adaptation of documents/processes due to new documentation and information requirements.
- Review of contracts due to the risk of fines in the case of foreign transfers.
- Data loss and security breaches are reportable in the future, for which your company must implement processes.
- Implementation of a cookie banner
Manage new challenges in time!
With us as your partner, you use objective and expert input to make the new Swiss Data Protection Act a sustainable success. Compared to the General Data Protection Regulation, the FADP is less restrictive, so there may well be business opportunities in the new version of the law.
Contact us now so we can advise you: After an initial inventory analysis, it will quickly become evident what we need to do!