DATA PROTECTION CONFUSION?
OUR DATA PROTECTION CHECK HELPS YOU
The amendments to the Data Protection Law as of September 1, 2023, will bring about mandatory changes for your web applications. Do you lack a clear overview and need support?
Leave the check-up of your online applications to us. With our new data protection check for the web, your company is well equipped online and you can sit back and relax while the new data protection law comes into force.
Are you interested? Fill out the form below and we will contact you as soon as possible.
NEW DATA PROTECTION LAW
CHANGES COME INTO FORCE ON SEPTEMBER 1, 2023
On September 1, 2023, the new Data Protection Act (DSG) will come into force without a transition period. This will result in a number of changes that must be observed.
The aim of the new Data Protection Act is to adapt data protection to the changed technological and social conditions. For companies, this means increased compliance requirements and tighter penal provisions.
In terms of compliance requirements, the information and disclosure obligations, documentation requirements, data security regulations and the obligation to report data security breaches will be extended and tightened.
The tightening of the penal provisions means that higher fines will be issued (up to CHF 250,000.00), that personal liability will come to the fore, and that administrative proceedings with cost consequences may occur as a result of the strengthened competences of the supervisory authority.
Scope of application
The new Swiss Data Protection Law applies to all companies whose customers are located in Switzerland. This means that the Data Protection Law does not focus on the company's location, but rather on its customer data.
CHECKLIST DATA PROTECTION
WHAT DO YOU HAVE TO CONSIDER?
- Inventory / data processing directory
Document your data processes. Check whether a data processing directory must be maintained: for more than 250 employees or for particularly sensitive personal data.
How is your data obtained and processed? A current data protection declaration must be displayed.
- Data security
Take technical and organizational measures and update your IT regulations to ensure data security for your employees and customers.
- Commissioned data processors / outsourcing
If you pass on data to other persons/institutions, it is mandatory to conclude an order processing agreement (AVV).
- Data protection impact assessment (DSFA)
For future projects, document your plans and measures regarding data processing. It is mandatory to prepare a corresponding data protection impact assessment.
- Data subject rights
Upon request, individuals are entitled to the following: information, data correction, a human hearing in the case of automated individual decisions, and deletion (deletion concept).
- Data disclosure abroad
Is personal data processed directly or indirectly in other countries, for example through Google services? Data protection in these countries must be checked and complied with.
- Data Breach Notification
Have you implemented processes for notifying the Federal Data Protection and Information Commissioner (FDPIC) and the data subjects concerned?
- Privacy by default
Privacy settings must be set to the minimum required information by default.
All entrusted data must remain secret.
- Processing principles
Customers must be informed about every data transfer.
- Data protection officer
No data protection officer is required by law. However, penalties always apply to individuals, not to the company itself.