Did you miss the September 1st deadline? Get your company back on track with compliance.
Navigating the Revised Swiss Data Protection Act: A High-Level Roadmap for Compliance
Swiss Companies Urged to Strengthen Data Protection Obligations as Revised Data Protection Act Comes into Force
As of September 1st, 2023, Swiss companies are required to comply with the revised Swiss Data Protection Act (nFADP), which strengthens data protection obligations. Whether your company is just starting out with data protection or already has a solid foundation, the high-level roadmap below helps businesses navigate the new requirements.
The first step is to prepare or update your privacy notice to inform data subjects about the processing of their personal data. This notice should include the company’s identity, contact details, the purpose of data collection, recipients of personal data, and safeguards for data transfer.
Next, companies must keep an inventory of their processing activities, detailing the purpose of processing, categories of data subjects, recipients, storage period, security measures, and recipient countries. It is important to regularly update this inventory and assign responsibility for monitoring data processing activities to relevant departments.
Companies must also define an internal process for handling data subjects’ requests, such as access, correction, deletion, or data transfer. A data protection impact assessment (DPIA) process and template should be prepared for high-risk data processing activities, and the Federal Data Protection and Information Commissioner (FDPIC) should be consulted if necessary.
An internal process for notifying the FDPIC of data breaches is also required, as are data security measures to protect personal data. Existing data processing agreements with third parties should be reviewed and updated, and cross-border data transfers should comply with the law to avoid fines.
Consider appointing a data protection advisor to advise the company and act as an intermediary for data subjects and authorities. Lastly, train all employees on data protection compliance duties to ensure awareness and avoid criminal sanctions for non-compliance.
The revised Swiss Data Protection Act aims to increase personal data protection and transparency in the digital world. For assistance with compliance or to discuss the topic further, key contacts at Deloitte Legal are available to provide guidance and support.