Data protection: what you should know

The new Data Protection Act (FADP) comes into force on September 1, 2023. All companies in Switzerland are affected, including SMEs. Here are some of the details.

A person on a computer with fingerprint and lock pictograms.

Switzerland is adopting new data protection laws that will come into force on September 1, 2023. "This is an important step for Switzerland and its business community," says Leonie Ritscher, project manager at economiesuisse and an expert in this area. The previous law dates back to 1992, and the use of data has changed considerably since then."

One of the goals of the new Data Protection Act (FADP) is to ensure compatibility with international law and in particular, the European General Data Protection Regulation (GDPR), adopted by the European Union in 2016. "The GDPR provides for cross-border data exchange without additional requirements from third states with an adequate level of data protection. Until now, Switzerland enjoyed de facto recognition, but this is currently being reviewed. The legislative revision makes it possible to address this issue while incorporating certain specific features unique to our country."

Swiss specifics

Swiss companies that have already adapted to the GDPR are going in the right direction, but they still need to check certain details to make sure they are compliant with the new Swiss legislation, the expert says. "This particularly relates to the duty to inform when collecting personal data and the definition of particularly sensitive personal data." Another point of note is that companies must appoint a specific person in charge of data protection issues, who may be sanctioned in the event of a breach of the FADP.

"This applies to all companies, including SMEs", says Leonie Ritscher. Some aspects of the law, however, only affect companies that process large volumes of data or particularly sensitive personal data, such as health-related material. "I strongly recommend being clear about the measures that need to be taken without waiting until the last minute, especially since it is always more complicated to implement new processes during the summer due to staff absences."

Customer expectations

The Zurich-based start-up Yooture is among the companies that use a lot of data. Nine years ago, it launched a job-matching application, which aims to simplify applications and recruitment. Yooture has recorded more than 500,000 downloads since its launch, and now has nearly 250,000 registered user profiles and 2,000 client companies.

"The use of sensitive data is a concern for us since the launch of the project, especially in response to requests from our customers," explains Claudio Lehmann, co-founder of Yooture. We are often asked, for example, if our data is hosted in Switzerland, which it is. What's more, users of the application can delete their entire profile with a few clicks."

As the app is hosted on international platforms and also welcomes candidates from neighboring countries, Yooture became compliant with the GDPR upon its implementation. "However, the revision of the DPA prompted us to verify our practices and documents with a specialized lawyer." To those who have not yet grappled with these issues, the entrepreneur advises starting by delving deeper into the topic online. "There are many, many useful resources available for free. They can help, for example, to establish a template for general terms and conditions or a privacy policy, which can then be submitted to a legal expert for verification and completion of these documents."

Leonie Ritscher agrees: "Some entrepreneurs may think that data protection is an elusive and complicated topic, but it is definitely worth the time. Especially since data protection is a reputation issue as well. Investing in data protection is a pledge to the future of your business."


Information

On the theme

FADP compliance; useful resources

To ensure readiness when the new law comes into force, the first step is to take stock of the situation: what data is stored, how it is processed, who has access to it, etc. "We have published an FAQ to raise awareness of the subject among companies, but it was published before the ordinance was issued, so it does not take it into account," says Leonie Ritscher, project manager at economiesuisse. "Several industry associations have also published documents summarizing the issues, which can be consulted before calling in a specialist if necessary.

Last modification 01.03.2023

Top of page

News and useful information for founders and entrepreneurs.
https://www.kmu.admin.ch/content/kmu/en/home/aktuell/monatsthema/2023/datenschutz-was-man-wissen-muss.html